HTTPd ssl

Got SSL support working.
I dropped in a self-signed certificate, and it ended up looking like this:

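import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

KeyStore store = KeyStore.getInstance("JKS");
// Java does not expand "~", so resolve the home directory explicitly.
// A null store password loads the JKS file without an integrity check.
store.load(new FileInputStream(System.getProperty("user.home") + "/.keystore"), null);
TrustManagerFactory trust = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trust.init(store);
KeyManagerFactory key = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
// Password protecting the private key entry
key.init(store, "chageit".toCharArray());

SSLContext ssl = SSLContext.getInstance("TLS");
ssl.init(key.getKeyManagers(), trust.getTrustManagers(), null);
SSLServerSocketFactory factory = ssl.getServerSocketFactory();
// Unbound socket; the server binds it to the port below
SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket();
// Server-only authentication: no client certificate is requested
socket.setNeedClientAuth(false);

server.start(socket, null, 443);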

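The certificate is pretty sloppy, so it looks like this.
When I ran openssl s_client -connect localhost:443, the response was properly chunked. The body is gzip so I can't read it, but the browser displays it fine, so I guess it's OK.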

subject=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown
issuer=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown
---
No client certificate CA names sent
---
SSL handshake has read 1315 bytes and written 276 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-DSS-DES-CBC3-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-DSS-DES-CBC3-SHA
    Session-ID: 531BF458D2F6DD4D2B367FA1B5330A629FC6A6493DB2FCA2E7DE4EA5CA964562
    Session-ID-ctx: 
    Master-Key: BF830C39FD7ED14A8CF4F58B94A6131D38FADACE661104F39A7B2A551EAE6540320AED9EF7046FF2E488088EE1DDBD28
    Key-Arg   : None
    Start Time: 1394340952
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
GET /ssl+gzip+chunked

HTTP/1.1 200 OK
Transfer-Encoding: chunked
Host: localhost
Content-Encoding: gzip
Content-Type: text/plain
Connection: Keep-Alive

a

20
ヒHヘノノラ/.ホムNッハ,ミNホ(ヘヒNM荻サ
0

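But creating the certificate in advance is a hassle. Besides, this is a single-user web server, so the certificate hardly matters.
I'd like the program to generate one with arbitrary contents.
Normally you decide by looking at the fingerprint, so a certificate authority's stamp of approval isn't needed.

With that in mind I tried this and that, and ended up with a "no cipher suites in common" error.
What gives?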
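
One way to investigate the "no cipher suites in common" error and to print the fingerprint mentioned above, as an added example that is not this post's own code: JSSE reports that error when the key store handed to KeyManagerFactory holds no private key usable with any enabled cipher suite. The class name, the arguments, the assumption that the key password equals the store password, and the name-based suite matching are all this example's own.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.SSLContext;

// Added example. Usage: java KeystoreCheck [keystore-file password]
// With no arguments it checks an empty in-memory store (the failing case).
public class KeystoreCheck {
    // Token that pre-TLS 1.3 suite names use for each server key algorithm.
    static String authTag(String keyAlg) {
        switch (keyAlg) {
            case "RSA": return "_RSA_";
            case "DSA": return "_DSS_";
            case "EC":  return "_ECDSA_";
            default:    return "_UNSUPPORTED_";
        }
    }

    // Colon-separated SHA-256 fingerprint of the DER-encoded certificate.
    static String fingerprint(byte[] der) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der))
            sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        char[] pass = args.length > 1 ? args[1].toCharArray() : null;
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = args.length > 0 ? new FileInputStream(args[0]) : null) {
            store.load(in, pass); // a null stream creates a new, empty store
        }
        String[] enabled = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        int keyEntries = 0;
        for (String alias : Collections.list(store.aliases())) {
            if (!store.isKeyEntry(alias)) continue; // trusted certificate only, no private key
            keyEntries++;
            String alg = store.getKey(alias, pass).getAlgorithm(); // assumes key password = store password
            // Heuristic on suite names: static-ECDH suites are skipped, and TLS 1.3
            // names carry no key type, so they are not counted here.
            long usable = Arrays.stream(enabled)
                    .filter(s -> s.contains(authTag(alg)) && !s.contains("_ECDH_")).count();
            System.out.println(alias + ": " + alg + " key, " + usable + " enabled suites match");
            System.out.println("  SHA-256 " + fingerprint(store.getCertificate(alias).getEncoded()));
        }
        if (keyEntries == 0)
            System.out.println("No private-key entry: the server has nothing to authenticate with.");
    }
}
```

A count of 0 for a key entry means the runtime's enabled suites do not cover that key algorithm, which is the other way a server with a loaded key still ends up with no suite in common.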