域名: burian-server.cz
我试过了:
user@pc ~ $ curl -v -3 -X HEAD https://burian-server.cz * Rebuilt URL to: https://burian-server.cz/ * Hostname was NOT found in DNS cache * Trying 192.168.0.102... * Connected to burian-server.cz (192.168.0.102) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * Unknown SSL protocol error in connection to burian-server.cz:443 * Closing connection 0 curl: (35) Unknown SSL protocol error in connection to burian-server.cz:443 与我的另一个域sslhosting.cz相比 ,运行在不同的托pipe:
user@pc ~ $ curl -v -3 -X HEAD https://sslhosting.cz * Rebuilt URL to: https://sslhosting.cz/ * Hostname was NOT found in DNS cache * Trying 88.86.120.114... * Connected to sslhosting.cz (88.86.120.114) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS alert, Server hello (2): * error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure * Closing connection 0 curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
一位testing人员告诉我,我“可能”不是脆弱的,我不太明白。
由于上述输出有明显差异,我怀疑可能是我的Apache服务器configuration不正确。
其实, https://burian-server.cz/看起来非常好。 Qualys SSL Labs的SSL服务器testing是免费testinghttps的最佳资源。 他们不仅要做全面的testing,还要详细地指出可以采取的实际行动,并且他们的网站有大量最新的信息来解释当前的攻击媒介和缓解措施。 Qualys公司的工程总监Ivan Ristic是mod_security的创始人。