Slide 1

Get an A+ on the Qualys SSL Server Test by copy and paste! atpons @ IGGG Meetup 2016 Summer

Slide 2

About me

Slide 3

atpons / ポン酢

Slide 4

https://atpons.com/ : lessons learned from hosting it

Slide 5

Is everyone using SSL?

Slide 6

Is everyone using TLS?

Slide 7

(image only, no text)

Slide 8

Secure connections

Slide 9

The old conventional wisdom

Slide 10

Certificates are expensive

Slide 11

Today's conventional wisdom

Slide 12

(image only, no text)

Slide 13

Free certificates

Slide 14

Test environment

Slide 15

- Ubuntu 16.04.1 LTS
- Apache/2.4.18 (Ubuntu)
- `$ sudo letsencrypt --apache` already run
- ★★★★★★★★★★ on DigitalOcean (hostname masked on the slide)

Slide 16

Wh... what did you say?

Slide 17

"nginx", you say?

Slide 18

D... don't mess with me ✊

Slide 19

Overwhelming growth with "Apache"

Slide 20

SSL/TLS vulnerabilities

Slide 21

Heartbleed, POODLE, etc.

Slide 22

The importance of HTTPS server configuration

Slide 23

Merely having SSL/TLS enabled is meaningless

Slide 24

Old cipher suites are meaningless

Slide 25

Which cipher suite should you choose?

[Figure: the table "What should we use for TLS today?", quoted from "TLS徹底演習" (TLS Thorough Drill) on Speaker Deck, https://speakerdeck.com/shigeki/tlsche-di-yan-xi. Rows: key exchange (RSA; forward secrecy: DHE, ECDHE), digital signature (RSA, DSS/DSA, ECDSA), symmetric cipher (DES, RC4, AES, ChaCha), cipher mode (CBC; AEAD: CCM, GCM, Poly1305), message authentication / hash (MD5 and three SHA variants; the version digits were lost in extraction). Legend: red = do not use, yellow = caution, green = fine for now; "caution" covers both cryptographic concerns and algorithms not expected to gain adoption. Aside: with a quantum computer, every key exchange and digital signature listed is out!]

Slide 26

The importance of testing HTTPS servers

Slide 27

Qualys SSL Server Test

Slide 28

Qualys SSL Server Test

Slide 29

So I just grab an A+ here, post it on Qiita and I'm done, right?

Slide 30

(image only, no text)

Slide 31

Is configuring an HTTPS server a drag?

Slide 32

It spits out a nicely tuned config

Slide 33

Mozilla SSL Configuration Generator

Slide 34

https://mozilla.github.io/server-side-tls/ssl-config-generator/

Slide 35

Demo

Slide 36

Demo
• Mozilla SSL Configuration Generator
• Apache / Intermediate / HSTS Enabled
• Cipher Suite:
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
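The cipher string above is long, and the "what to use today" table earlier in the deck is the reason each entry is there or not. As an added example (not code from the talk or from Mozilla), this Python script classifies each OpenSSL-style suite name by key exchange (forward-secret ECDHE/DHE versus static RSA), cipher and mode (AEAD versus CBC, 3DES) so you can see which entries of a generated list are the legacy tail. The shortened input list is constructed for the example; running it on the full demo string works the same way.

```python
# Added example: classify OpenSSL cipher-suite names by the criteria of the
# "what to use for TLS today" table: forward-secret key exchange (ECDHE/DHE)
# and AEAD modes (GCM, ChaCha20-Poly1305) are preferred; static-RSA key
# exchange, CBC mode and 3DES are the legacy tail of a compatibility list.
from collections import Counter

# Constructed input: a slice of the demo slide's Mozilla "intermediate" list.
DEMO_CIPHERS = (
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:"
    "DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:"
    "ECDHE-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-SHA:DES-CBC3-SHA:!DSS"
)

def classify(name):
    """Describe one OpenSSL cipher-suite name (e.g. ECDHE-RSA-AES128-GCM-SHA256)."""
    parts = name.split("-")
    # Key exchange: ECDHE, DHE and its alias EDH give forward secrecy;
    # a name without such a prefix (AES128-GCM-SHA256) uses static RSA.
    if parts[0] == "ECDHE":
        kx = "ECDHE"
    elif parts[0] in ("DHE", "EDH"):
        kx = "DHE"
    else:
        kx = "RSA"
    # Symmetric cipher and mode of operation.
    if "CHACHA20" in parts:
        cipher, mode = "ChaCha20", "AEAD"
    elif "GCM" in parts:
        cipher, mode = "AES", "AEAD"
    elif "CBC3" in parts:
        cipher, mode = "3DES", "CBC"
    else:
        cipher, mode = "AES", "CBC"          # AES-CBC with HMAC-SHA*
    legacy = kx == "RSA" or mode == "CBC" or cipher == "3DES"
    return {"name": name, "kx": kx, "cipher": cipher, "mode": mode,
            "forward_secrecy": kx != "RSA", "legacy": legacy}

def audit(cipher_string):
    """Classify every positive entry; '!' entries such as !DSS are exclusions."""
    names = [n for n in cipher_string.split(":") if n and not n.startswith("!")]
    return [classify(n) for n in names]

def summary(cipher_string):
    """Count suites per (key exchange, mode) and list the legacy entries."""
    rows = audit(cipher_string)
    counts = Counter((r["kx"], r["mode"]) for r in rows)
    legacy = [r["name"] for r in rows if r["legacy"]]
    return dict(counts), legacy

if __name__ == "__main__":
    counts, legacy = summary(DEMO_CIPHERS)
    for (kx, mode), n in sorted(counts.items()):
        print(f"{kx:6s} {mode:5s} {n}")
    print("legacy (no forward secrecy, CBC or 3DES):", legacy)
```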

Slide 37

Qualys SSL Server Test

Slide 38

Got an A+!

Slide 39

Conclusion
• To get an A+ rating you need to review the protocols and cipher suites
• If you are moving to HTTP/2 in future, TLS 1.2 is a requirement
• This is strictly a check of the HTTPS server's SSL/TLS
• Vulnerabilities in the web server itself, XSS and so on, and general security countermeasures are still necessary (omitted this time)

Slide 40

Conclusion
• Let's Encrypt
• It is a DV certificate, so it is aimed at personal use
• Renewal is required every 90 days, so you will be in trouble if you forget to automate that
• Of course, automate it with cron

Slide 41

References
• TLS徹底演習 (TLS Thorough Drill)
• https://speakerdeck.com/shigeki/tlsche-di-yan-xi