Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
コピペでQualys SSL Server Test A+ ゲットだぜ!
Search
atpons
September 25, 2016
Programming
180
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
コピペでQualys SSL Server Test A+ ゲットだぜ!
設定の見直し
atpons
September 25, 2016
More Decks by atpons
See All by atpons
食べログのサーキットブレーカー導入を振り返って
atpons
1
220
TLSから見るSREの未来
atpons
3
800
Securing Credentials for Package Manager and Bundler
atpons
0
250
AWS Organizations で実現する、 マルチ AWS アカウントのルートユーザー管理からの脱却
atpons
1
750
Other Decks in Programming
See All in Programming
Signal Forms: Details & Live Coding @enterJS 2026 in Mannheim
manfredsteyer
PRO
0
230
その問い、本当に正しいですか?AI時代のエンジニアに必要な哲学と認知科学 / ai-philosophy-cognitive-science
minodriven
14
6.8k
なぜ型を書くのか? TSKaigi2026で改めて考える #tskaigi_smarthr
kajitack
0
340
LaravelLive Japan の裏方のすべて — 第188回 PHP勉強会@東京 (2026-06-24)
suguruooki
2
150
【やさしく解説 設計編・中級 #1】一つの車に、運転手は一人 ~ある倉庫システムの事例から~
panda728
PRO
0
160
どこまでゆるくて許されるのか
tk3fftk
0
470
使用 Meilisearch 建立新聞搜尋工具
johnroyer
0
130
はてなアカウント基盤 State of the Union
cockscomb
1
1.3k
技術記事、 専門家としてのプログラマ、 言語化
mizchi
14
7.4k
【やさしく解説 設計編 #1】「ドメイン駆動」と「実装駆動」ってなに? 〜設計の考え方を、たとえ話で学ぼう〜
panda728
PRO
1
110
act2-costs.pdf
sumedhbala
0
110
Snowflake Summitでの新機能 CoCo / CoWork / snowflake-summit-2026-overall-what-new-coco
tatsuhiro
1
220
Featured
See All Featured
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
What does AI have to do with Human Rights?
axbom
PRO
1
2.2k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
baasie
0
610
Stop Working from a Prison Cell
hatefulcrawdad
274
21k
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
auna
0
180
Digital Ethics as a Driver of Design Innovation
axbom
PRO
1
340
Test your architecture with Archunit
thirion
1
2.3k
Getting science done with accelerated Python computing platforms
jacobtomlinson
2
260
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
1
310
GraphQLの誤解/rethinking-graphql
sonatard
75
12k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
55k
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
360
Transcript
ίϐϖͰQualys SSL Server Test A+ ήοτͩͥʂ atpons @ IGGG Meetup
2016 Summer
ࣗݾհ
atpons / ϙϯਣ
https://atpons.com/ ϗεςΟϯά࣌ͷݟ
Έͳ͞Μ SSL ͯ͠·͔͢ʁ
Έͳ͞Μ TLS ͯ͠·͔͢ʁ
None
҆શͳଓ
ੲͷৗࣝ
ূ໌ॻߴ͍
ࠓͷৗࣝ
None
ແྉͷূ໌ॻ
ςετڥ
- Ubuntu 16.04.1 LTS - Apache/2.4.18 (Ubuntu) - $ sudo
letsencrypt —-apache ࡁ ˎˎˎˎˎˎˎˎˎˎ on DigitalOcean
ͳɺͳΜͩͬͯʁ
ʮnginxʯͩͱʁ
;ɺ;͚͟Δͳ ✊
ʮApacheʯͰ ѹత
SSL/TLSͷ੬ऑੑ
Heartbleed POODLE etc…
HTTPSαʔό ઃఆͷॏཁੑ
SSL/TLS ༗ޮ͚ͩͰ ҙຯ͕ͳ͍
ݹ͍ Cipher SuiteͰ ҙຯ͕ͳ͍
Cipher Suite ʹԿΛબͿ 5-4పఈԋश4QFBLFS%FDLIUUQTTQFBLFSEFDLDPNTIJHFLJUMTDIFEJZBOYJΑΓҾ༻ ࠓ5-4ʹԿΛ͏ʁ 伴ަ 34" 'PSXBSE4FDSFDZ %)& &$%)&
σδλϧॺ໊ 34" %44 %4" &$%4" ର҉߸ %&4 3$ "&4 $IB$IB ͦͷଞ ҉߸Ϟʔυ $#$ "&"% $$. ($. 1PMZ ϝοηʔδೝূ ʢϋογϡʣ .% 4)" 4)" 4)" ɿΘͳ͍ɺԫɿҙɺɿࠓͷͱ͜Ζͬͯେৎ ҙɺ҉߸ֶతҙͱকདྷతʹීٴ͕ݟࠐ·Εͳ͍ҙؚ·Ε·͢ ͪͳΈʹɺ ྔࢠίϯϐϡʔλͰ伴ަɺσδλ ϧॺ໊શ෦Ξτʂ Cipher Suite
HTTPSαʔόςετͷ ॏཁੑ
Qualys SSL Server Test
Qualys SSL Server Test
ͱΓ͋͑ͣ͜͜Ͱ A+ औͬͯQiitaʹࡌͤ Ε͍͍ΜͰ͠ΐ
None
HTTPSαʔό ઃఆͩΔ͍ʁ
ྑ͍ײ͡ͷ configΛు͘
Mozilla SSL Configuration Generator
https://mozilla.github.io/ server-side-tls /ssl-config-generator/
σϞ
Demo • Mozilla SSL Configuration Generator • Apache / Intermediate
/ HSTS Enabled • Cipher Suite • ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE- ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA- AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE- RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256- SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3- SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM- SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- SHA:AES256-SHA:DES-CBC3-SHA:!DSS
Qualys SSL Server Test
A+ήοτͩͥʂ
Conclusion • A+ ධՁΛಘΔͨΊʹϓϩτίϧCipher Suiteͷ ݟ͕͠ඞཁ • ࠓޙHTTP/2ߦ͘ͳΒTLS 1.2͕ཁ݅ʹͳ͍ͬͯΔ •
͋͘·ͰHTTPSαʔόͷSSL/TLSͷݕূ • Webαʔόࣗମͷ੬ऑੑɼXSSͱ͔ɼҰൠతͳη ΩϡϦςΟରࡦඞཁͰ͢ʢࠓճলུ͍ͯ͠·͢ʣ
Conclusion • Let’s Encrypt • DVূ໌ॻͳͷͰݸਓϢʔε͚ͩΑͶ • 90Ͱͷߋ৽͕ඞཁͳͷͰͦͷ࡞ۀͷࣗಈ ԽΛΕΔͱࠔΔ •
ͪΖΜcronͰࣗಈԽʙ
ࢀߟจݙ • TLSపఈԋश • https://speakerdeck.com/shigeki/tlsche-di- yan-xi