Last updated: 2022-05-19
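Dreamers live a lifetime, learning without limit~ Dreams never cease, the heart never tires~

A place for sharing knowledge and resources ^_^

Encrypting File System (EFS)
Posted by datahunter on Thu, 19/05/2022 - 18:19. Last updated: 2022-05-19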
Online Certificate Status Protocol (OCSP)
Posted by datahunter on Wed, 18/05/2022 - 16:08. Last updated: 2022-05-18

Introduction

OCSP was created as an alternative to certificate revocation lists (CRL).

Certificate revocation lists (CRL)

The browser downloads a list of revoked certificate serial numbers and

OCSP

A time-stamped OCSP response signed by the CA is attached to the initial TLS handshake.

If the client does not receive a stapled response, it will just contact the OCSP server by itself. However, if the client receives an invalid stapled response, it will abort the connection.

Stapling

If OCSP stapling is enabled, the OCSP Response Data section of the response should say the following:

    OCSP Response Status: successful (0x0)

An OCSP responder

A server typically run by the certificate issuer.

OCSP can be vulnerable to replay attacks (mitigation: nonce, a validity period).

MustStaple TLS extension

If a browser encounters a certificate with this extension that is used without OCSP Stapling, then it will be rejected.

Note

Under the RFC 6066 specification, the server's CertificateStatus reply may only include an OCSP response for a single cert. For server certificates with intermediate CA certificates in their chain (the typical case nowadays), this only partially achieves the goal of "saving roundtrips and resources".

TLSv1.3 automatically removes this limitation. Under TLS 1.3 a server can send multiple OCSP responses.

For TLS 1.2

Under TLS 1.2 only one stapled response can be sent by a server: the OCSP response associated with the end-certificate.

RFC 6961 defines a Multiple Certificate Status Request extension, which allows a server to send multiple OCSP responses in the TLS handshake.
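
The client-side decisions described above (fall back when nothing is stapled, reject a Must-Staple certificate without a staple, abort on an invalid staple), as an added example that is not part of the original post. It assumes the text format printed by `openssl s_client -status`; the function name `check_staple` and both sample outputs are constructed for illustration, and signature verification of the response is left to the TLS library.

```python
import re
from datetime import datetime, timezone

FMT = "%b %d %H:%M:%S %Y GMT"  # timestamp format used in the OCSP text dump

# Constructed sample outputs (not captured from a real server).
STAPLED = """OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Produced At: May 18 08:00:00 2022 GMT
    Cert Status: good
    This Update: May 18 08:00:00 2022 GMT
    Next Update: May 25 08:00:00 2022 GMT
"""
NOT_STAPLED = "OCSP response: no response sent\n"

def _field(text, name):
    # Return the value of a "Name: value" line, or None if it is absent.
    m = re.search(rf"^\s*{re.escape(name)}:\s*(.+?)\s*$", text, re.M)
    return m.group(1) if m else None

def _time(text, name):
    raw = _field(text, name)
    return datetime.strptime(raw, FMT).replace(tzinfo=timezone.utc) if raw else None

def check_staple(text, now, must_staple=False):
    """Return (verdict, reason) for one handshake's OCSP status output."""
    status = _field(text, "OCSP Response Status")
    if status is None:
        if must_staple:
            return ("reject", "Must-Staple certificate served without a staple")
        return ("fallback", "no staple; client queries the OCSP responder itself")
    if not status.startswith("successful"):
        return ("abort", f"response status is {status}")
    cert_status = _field(text, "Cert Status")
    if cert_status != "good":
        return ("abort", f"cert status is {cert_status}")
    # Validity period check: a response replayed after Next Update is refused.
    # Assumption: a response without Next Update is treated as unusable here.
    start, end = _time(text, "This Update"), _time(text, "Next Update")
    if start is None or end is None or not (start <= now <= end):
        return ("abort", "outside the validity period (stale or replayed)")
    return ("ok", "fresh stapled response")
```
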
Windows cmd command
Posted by datahunter on Thu, 05/05/2022 - 15:03
AWS S3 CLI
Posted by datahunter on Thu, 05/05/2022 - 10:40. Last updated: 2022-05-13
Table of contents