Am I vulnerable to POODLE?

Domain: burian-server.cz

What I have tried:

user@pc ~ $ curl -v -3 -X HEAD https://burian-server.cz
* Rebuilt URL to: https://burian-server.cz/
* Hostname was NOT found in DNS cache
*   Trying 192.168.0.102...
* Connected to burian-server.cz (192.168.0.102) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to burian-server.cz:443 
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to burian-server.cz:443 

Compared with my other domain, sslhosting.cz, which runs on a different host:

user@pc ~ $ curl -v -3 -X HEAD https://sslhosting.cz
* Rebuilt URL to: https://sslhosting.cz/
* Hostname was NOT found in DNS cache
*   Trying 88.86.120.114...
* Connected to sslhosting.cz (88.86.120.114) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

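A tester told me that I am "probably" not, but I don't really understand it.

Because the outputs above clearly differ, I suspect I may have misconfigured my Apache server.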

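Answer 1

Actually, https://burian-server.cz/ looks quite good. A great free resource for testing https is the SSL Server Test from Qualys SSL Labs. Not only do they run comprehensive tests, they also point out in detail the practical actions you can take, and their site has a wealth of up-to-date information explaining current attack vectors and mitigations. Ivan Ristic, the creator of mod_security, is Director of Engineering at Qualys.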
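The two curl traces in the question differ only in how the SSLv3 handshake fails: the first shows no alert after the Client hello, the second shows a handshake failure alert. The following Python code, an added example that is not from the question or the answer, sends a minimal SSLv3 ClientHello over a raw socket and classifies the reply into those cases plus the one where the server does select SSLv3. The cipher list, function names and sample replies are constructed for illustration.

```python
import os
import socket
import struct

# Constructed probe parameters: cipher suites that exist in SSLv3.
CIPHERS = (0x0035, 0x002F, 0x000A, 0x0005, 0x0004)
ALERTS = {40: "handshake_failure", 70: "protocol_version"}

def build_sslv3_client_hello() -> bytes:
    """Return one record (version 3.0) holding a minimal SSLv3 ClientHello."""
    suites = b"".join(struct.pack("!H", c) for c in CIPHERS)
    body = (b"\x03\x00" + os.urandom(32)            # client_version, random
            + b"\x00"                               # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                          # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake

def classify_reply(reply: bytes) -> str:
    """Classify the first bytes a server sends back after the ClientHello."""
    if len(reply) < 7:
        return "not negotiated: no TLS record received"
    if reply[0] == 0x15:                            # alert record: level, description
        return "not negotiated: alert %d (%s)" % (reply[6], ALERTS.get(reply[6], "other"))
    if reply[0] == 0x16 and reply[5] == 0x02 and reply[9:11] == b"\x03\x00":
        return "negotiated: ServerHello selected SSLv3"
    return "inconclusive: unexpected reply"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the ClientHello to host:port and classify whatever comes back."""
    reply = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(build_sslv3_client_hello())
            while len(reply) < 11:                  # enough to read server_version
                chunk = sock.recv(4096)
                if not chunk:
                    break
                reply += chunk
        except OSError:
            pass                                    # reset or timeout: classify what arrived
    return classify_reply(reply)

if __name__ == "__main__":
    # Constructed replies: no record, alert 40, and a ServerHello for version 3.0.
    print(classify_reply(b""))
    print(classify_reply(b"\x15\x03\x00\x00\x02\x02\x28"))
    print(classify_reply(b"\x16\x03\x00\x00\x2a\x02\x00\x00\x26\x03\x00" + bytes(38)))
```

Calling `probe("burian-server.cz")` against your own server returns one of the three strings; only the "negotiated" result means SSLv3 is still enabled.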
