HTTPd ssl
Got SSL support working.
I dropped in a self-signed certificate and it ended up looking like this:
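    import java.io.FileInputStream;
    import java.security.KeyStore;
    import javax.net.ssl.*;

    // Load the JKS keystore holding the self-signed certificate.
    // Java does not expand "~", so build the path from user.home.
    KeyStore store = KeyStore.getInstance("JKS");
    store.load(new FileInputStream(System.getProperty("user.home") + "/.keystore"), null);

    TrustManagerFactory trust = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trust.init(store);
    // The key password must match the one the key entry was created with.
    KeyManagerFactory key = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    key.init(store, "chageit".toCharArray());

    SSLContext ssl = SSLContext.getInstance("TLS");
    ssl.init(key.getKeyManagers(), trust.getTrustManagers(), null);

    // Unbound server socket; the HTTPd's own server object binds it to port 443.
    SSLServerSocketFactory factory = ssl.getServerSocketFactory();
    SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket();
    socket.setNeedClientAuth(false);
    server.start(socket, null, 443);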
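The certificate is pretty slapdash, so it looks like this.
When I ran openssl s_client -connect localhost:443, the response was properly chunked. The body is gzip so I can't read it, but the browser displays it fine, so I guess it's OK.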
    subject=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown
    issuer=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1315 bytes and written 276 bytes
    ---
    New, TLSv1/SSLv3, Cipher is EDH-DSS-DES-CBC3-SHA
    Server public key is 1024 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : TLSv1
        Cipher : EDH-DSS-DES-CBC3-SHA
        Session-ID: 531BF458D2F6DD4D2B367FA1B5330A629FC6A6493DB2FCA2E7DE4EA5CA964562
        Session-ID-ctx:
        Master-Key: BF830C39FD7ED14A8CF4F58B94A6131D38FADACE661104F39A7B2A551EAE6540320AED9EF7046FF2E488088EE1DDBD28
        Key-Arg : None
        Start Time: 1394340952
        Timeout : 300 (sec)
        Verify return code: 18 (self signed certificate)
    ---
    GET /ssl+gzip+chunked
    HTTP/1.1 200 OK
    Transfer-Encoding: chunked
    Host: localhost
    Content-Encoding: gzip
    Content-Type: text/plain
    Connection: Keep-Alive
    a
    20
    ヒHヘノノラ/.ホムNッハ,ミNホ(ヘヒNM荻サ
    0
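But creating the certificate in advance is a hassle. Besides, this is a single-user web server, so the certificate doesn't really matter.
I want the program to generate one with arbitrary contents.
Normally you judge by looking at the fingerprint, so you don't need a certificate authority's seal of approval.
With that in mind I tried this and that, and ended up with a "no cipher suites in common" error.
What gives?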
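An added example (not code from the original post) that inspects a JKS keystore before it is handed to KeyManagerFactory: it reports each entry's key algorithm and size and the certificate's SHA-256 fingerprint, the value a client would compare by hand. A keystore with no readable private-key entry leaves the server with no certificate to present, which is one common way to end up with "no cipher suites in common"; the class name KeystoreCheck and its command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;

public class KeystoreCheck { // added example; class name and arguments are hypothetical
    static int bits(PublicKey k) { // key size in bits; -1 for types not handled here
        if (k instanceof RSAPublicKey) return ((RSAPublicKey) k).getModulus().bitLength();
        return k instanceof DSAPublicKey ? ((DSAPublicKey) k).getParams().getP().bitLength() : -1;
    }

    static String fingerprint(Certificate c) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded()))
            sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02X", b));
        return sb.toString();
    }

    // Returns how many private-key entries a KeyManagerFactory could use.
    static int inspect(KeyStore store, char[] password) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(store.aliases())) {
            if (!store.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            store.getKey(alias, password); // throws UnrecoverableKeyException on a wrong password
            Certificate cert = store.getCertificate(alias);
            System.out.printf("%s: %s, %d bit, SHA-256 %s%n", alias, cert.getPublicKey().getAlgorithm(), bits(cert.getPublicKey()), fingerprint(cert));
            usable++;
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        char[] password = args.length > 1 ? args[1].toCharArray() : new char[0];
        if (args.length > 0) {
            try (FileInputStream in = new FileInputStream(args[0])) { store.load(in, password); }
        } else {
            store.load(null, null); // constructed sample: an empty in-memory keystore
        }
        if (inspect(store, password) == 0)
            System.out.println("no usable private key: the server has no certificate to present");
    }
}
```

Run with no arguments it inspects the empty in-memory keystore and reports the missing key; run as `java KeystoreCheck <keystore> <password>` it prints one line per entry.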