Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SSl と仲良くなるやり方
Search
mickey
September 09, 2016
Technology
1
3.4k
SSl と仲良くなるやり方
mickey
September 09, 2016
Tweet
Share
More Decks by mickey
See All by mickey
超Redisマスターになる話
happysiro
0
96
BINDからの卒業
happysiro
1
2.2k
Other Decks in Technology
See All in Technology
WebアプリケーションにおけるPDOの使い方入門 / phpcon odawara 2024
meihei3
2
440
サーバー間 GraphQL と webmock-graphql の話 / server-to-server graphql and webmock-graphql
qsona
2
170
4年前、あるじゃん老害エンジニアLT合戦に登壇、米国西海岸コンピュータ歴史博物館体験記の続編
toshi_atsumi
0
220
Cracking the KubeCon CfP
inductor
2
130
Java EE/Jakarta EEの現状と将来―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
120
私が trocco を推す理由
__allllllllez__
1
190
SREとその組織類型
tatsuo48
9
1.6k
KubeConにproposalを送りたい人へのアドバイス
sat
PRO
2
110
Meta Quest 3 で動く桜マシマシ WebXR アプリを IBM Cloud Code Engine と Babylon.js で作った話
1ftseabass
PRO
0
110
DevOpsDays History and my DevOps story
kawaguti
PRO
9
2.3k
Algyan イベント振り返り
linyixian
0
200
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
3
470
Featured
See All Featured
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3k
YesSQL, Process and Tooling at Scale
rocio
163
13k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.9k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
658
120k
From Idea to $5000 a Month in 5 Months
shpigford
377
45k
Statistics for Hackers
jakevdp
789
220k
The Cult of Friendly URLs
andyhume
74
5.7k
Code Review Best Practice
trishagee
54
15k
A designer walks into a library…
pauljervisheath
199
23k
Clear Off the Table
cherdarchuk
83
310k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
154
14k
Transcript
ࡾπݡҰ(.01&1"#0JOD ϖύϘςοΫΧϯϑΝϨϯε 44-ͱྑ͘ͳΔΓํ
ΠϯϑϥΤϯδχΞ ࡾπݡҰ!NJDLFZ ٕज़෦Πϯϑϥάϧʔϓ
ΠϯϑϥΤϯδχΞ ࡾπݡҰ!NJDLFZ ٕज़෦Πϯϑϥάϧʔϓ
Χϥʔϛʔγϣοϓ
None
44-ͬͯͳΜͩΖ͏ʁ
None
44-Λར༻͢Δͱ
ใͷվ͟Μ
ใͷ౪Έݟ
Λ͙ࣄ͕Ͱ͖·͢
͜ΕΛͲ͏࣮ͬͯݱͨ͠ͷ͔ʁ
࣮ͷঢ়گ wαϒυϝΠϯͷৗ࣌44-Խ wATIPQQSPKQAυϝΠϯ ͨͱ͑ɼFYBNQMFTIPQ QSPKQ ͷৗ࣌44-ԽΛߦ͍·͢ wಠࣗυϝΠϯ FYBNQMFDPN ͷৗ࣌44-Խ wಠࣗυϝΠϯ
FYBNQMFDPN ͷৗ࣌44-Խ
શମͷߏ
ߏ Ҏલͷߏ ࠓͷߏ -PBE#BMBODFS "QQMJDBUJPO 4FSWFS "QQMJDBUJPO 4FSWFS -PBE#BMBODFS 3FWFSTF
1SPYZ 3FWFSTF 1SPYZ "QQMJDBUJPO 4FSWFS "QQMJDBUJPO 4FSWFS
-PBE#BMBODFS 3FWFSTF 1SPYZ 3FWFSTF 1SPYZ "QQMJDBUJPO 4FSWFS "QQMJDBUJPO 4FSWFS ಛ
-PBE#BMBODFS 3FWFSTF 1SPYZ 3FWFSTF 1SPYZ "QQMJDBUJPO 4FSWFS "QQMJDBUJPO 4FSWFS
1SPYZΛஔ͍ͨཧ༝ wେྔͷূ໌ॻΛཧͨ࣌͠ɼϝϞϦফඅྔ͕૿͑ͯ͠·͏ wେྔʹূ໌ॻΛಡΈࠐΉͷͰɼ̍ͭͷϓϩηε͋ͨΓ ͷϝϞϦফඅྔ͕૿͑·͢ ϓϩηε .BOBHFS ϓϩηε ϓϩηε
1SPYZΛஔ͍ͨཧ༝ w"QBDIFϦΫΤετ͝ͱʹɼϓϩηε͕૿͑·͢ wͳͷͰɼϓϩηε͕ଠ͍ͬͯΔͱશମͱͯ͠ϝϞϦফඅ ྔ͕૿͑·͢ ϓϩηε .BOBHFS ϓϩηε ϓϩηε
1SPYZΛஔ͍ͨཧ༝ wOHJOYͩͱɼ୯ҰͷϓϩηεͰϦΫΤετΛॲཧ͢Δํ ࣜͷͳͷͰɼϝϞϦফඅྔ͕૿͑·ͤΜ w·ͨɼࠓޙɼಠࣗυϝΠϯͷৗ࣌44-ରԠͰɼ OHY@NSVCZΛ༻͍ͨಈతͳূ໌ॻͷಡΈࠐΈΛߦ͍ͨ ͔͔ͬͨΒͰ͢
ͭͷΈ͕͋Γ·ͨ͠
ύϑΥʔϚϯε
ύϑΥʔϚϯεͷݒ೦ w1SPYZͷΦʔόʔϔου w1SPYZͱ"QQMJDBUJPOαʔόʔͷ௨৴͕༨ܭʹൃੜ͢Δࣄ ʹΑΔϨΠςϯγͷ૿Ճ w44-Խʹͱͳ͏Φʔόʔϔου w҉߸Խͱ෮߸ʹϦιʔεΛফඅ͢ΔࣄʹΑΔεϧʔϓοτͷ Լ w44-ͷηογϣϯͷཱ֬ʹΑΔϨΠςϯγͷ૿Ճ
ҰͭҰͭݕূ͍͖ͯ͠·ͨ͠
ݕূํ๏ wෛՙࢼݧΛ࣮ࢪ͠ɼεϧʔϓοτͱϨΠςϯγΛௐࠪ͠·ͨ͠ wෳͷαʔόʔ͔ΒෛՙΛ͔͚ΔͨΊɼ-0$645 IUUQ MPDVTUJP ͱ͍͏πʔϧΛ༻͍·ͨ͠
1SPYZʹΑΔΦʔόʔϔου w ݕূͨ݁͠Ռɼ΄ͱΜͲѱԽ ͠·ͤΜͰͨ͠ w 1SPYZͱ"QQMJDBUJPO4FSWFS ͕ಉ͡%$ʹ͔͋ͬͨΒͰ͢ -PBE#BMBODFS 3FWFSTF 1SPYZ
3FWFSTF 1SPYZ "QQMJDBUJPO 4FSWFS "QQMJDBUJPO 4FSWFS %BUB$FOUFS
҉߸Խ෮߸ԽʹΑΔΦʔόʔϔου wௐࠪͨ͠ͱ͜Ζɼ҉߸Խͱ෮߸Խʹ͙Β͍$16ར༻ ͕૿Ճ͢Δͱ͍͏͜ͱͰͨ͠ w࣮ࡍʹෛՙࢼݧΛͯ͠Έͨͱ͜Ζɼ1SPYZࣗମͷෛՙ͕େ ͖͘ͳΔ͜ͱ͋Γ·ͤΜͰͨ͠ IUUQTXXXJNQFSJBMWJPMFUPSHPWFSDMPDLJOHTTMIUNM
Γηογϣϯཱ֬ͷΦʔόʔϔου
ηογϣϯཱ֬ͷΦʔόʔϔου )551 44- )5514 GET / Client Server HTTP 3FTQPODF
Client Hello TLS/SSL Session Establish Client Server Server Hello Certificate Server Key Exchange Server Hello Done Client Key Exchange Change Cipher Spec Finished Change Cipher Spec Finished GET / HTTP 3FTQPODF
ͲͷΑ͏ʹղফͨ͠ͷ͔
4FTTJPO3FTVNQUJPO wҰཱ֬ͨ͠ηογϣϯΛ࠶ར༻͢ΔͨΊͷΈͰ͢ wҎԼͷछྨ͕͋Γ·͢ wαʔόʔଆͰηογϣϯใΛ֮͑Δํࣜ w4FTTJPO$BDIF wΫϥΠΞϯτଆͰηογϣϯใΛ֮͑Δํࣜ w4FTTJPO5JDLFU
4FTTJPO$BDIF w44-ͷηογϣϯͷཱ֬ʹඞཁͳใΛ$BDIF͢Δ ͷͰ͢ wෳͷαʔόʔΛར༻͢ΔͳΒɼԿΒ͔ͷํ๏Ͱ $BDIFΛڞ༗͢Δඞཁ͕͋Γ·͢ w/HJOYͰɼ͜ͷڞ༗ͷͨΊͷʹରԠ͍ͯ͠· ͤΜ
4FTTJPO5JDLFU w 4FSWFS͕อଘ͢ΔηογϣϯใΛ ҉߸Խͯ͠ɼΫϥΠΞϯτʹૹΓɼΫ ϥΠΞϯτ͕ηογϣϯΛΩϟογϡ ͢Δͱ͍͏ΈͰ͢ Client Hello TLS/SSL Session
Establish Client Server Server Hello Finished Finished New Session Ticket
4FTTJPO5JDLFU w࠶։͢Δ࣌ɼ w$MJFOU͕$MJFOU)FMMPͱͱ ʹ4FTTJPO5JDLFUΛ 4FSWFSʹૹΔ wͦͷޙɼෳ߹ͱݕূʹޭ͢ ΕηογϣϯΛ࠶։͢Δ Client Hello TLS/SSL
Session Establish Client Server Server Hello Change Cipher Spec Finished Change Cipher Spec Finished Session Ticket
4FTTJPO5JDLFULFZͷఆظతͳߋ৽ w4FTTJPO5JDLFULFZ͕࿙Ӯ͢Δͱɼ44-௨৴͕ղಡͰ͖ͯ͠· ͍·͢ w͜ͷͨΊɼ4FTTJPO5JDLFULFZɼఔͰߋ৽͢Δ͜ͱ͕ਪ ͞Ε͍ͯ·͢ wגࣜձࣾϝϧΧϦͷ$POTVMΛར༻ͨ͠ࣄྫΛࢀߟʹ̍ຖʹߋ ৽͍ͯ͠·͢ IUUQUFDINFSDBSJDPNFOUSZ
݁Ռ
ৗ࣌44-Խ͍ͯ͠ͳ͍αʔό ৗ࣌44-Խͨ͠αʔό ݱ࣮ͷύϑΥʔϚϯε w44-Խ͢ΔલͱಉͱϨΠςϯγʹͳΓ·ͨ͠
44-ͷධՁ w44-Λ҆શੑͳͲͰධՁͨ͠ͱ͜Ζɼ" Ͱͨ͠
·ͱΊ
·ͱΊ w44-ͱྑ͘͢Δʹ͍͔ͭ͘ͷίπ͕ඞ༻Ͱ͢ w͜ͷൃදͰɼେྔͷূ໌ॻΛѻ͏ͳΒɼOHJOYΛར༻ͨ͠΄͏͕ྑ͍͜ ͱ w·ͨɼOHY@NSVCZΛར༻͢Εɼಈతʹূ໌ॻΛಡΈࠐΊΔ͜ͱ wύϑΥʔϚϯεΛམͱ͞ͳ͍ͨΊʹ4FTTJPO5DJLFUΛར༻ͨ͠΄͏͕ྑ ͍ wʹ͍ͭͯհ͠·ͨ͠
ࠓޙ wಠࣗυϝΠϯʹ͓͚Δৗ࣌44-ͷఏڙʹ͚ɼ։ൃΛਐΊ ͍͖ͯ·͢ w·ͨɼͲ͔͜ͰɼಠࣗυϝΠϯͷ࣌ͷΛհͰ͖ͨΒͱ ࢥ͍·͢