{"id":149577,"date":"2020-08-29T09:09:14","date_gmt":"2020-08-29T01:09:14","guid":{"rendered":"http:\/\/4563.org\/?p=149577"},"modified":"2020-08-29T09:09:14","modified_gmt":"2020-08-29T01:09:14","slug":"%e5%9c%a8-ios-%e7%b3%bb%e7%bb%9f%e4%b8%8a%e6%89%93%e5%bc%80-lets-encrypt-%e8%af%81%e4%b9%a6%e7%9a%84%e5%9f%9f%e5%90%8d%ef%bc%8c%e9%a6%96%e5%bc%80%e6%80%bb%e6%98%af%e5%be%88%e6%85%a2","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=149577","title":{"rendered":"\u5728 ios \u7cfb\u7edf\u4e0a\u6253\u5f00 Let’s Encrypt \u8bc1\u4e66\u7684\u57df\u540d\uff0c\u9996\u5f00\u603b\u662f\u5f88\u6162"},"content":{"rendered":"
\n
\n
\n

\u5728 ios \u7cfb\u7edf\u4e0a\u6253\u5f00 Let’s Encrypt \u8bc1\u4e66\u7684\u57df\u540d\uff0c\u9996\u5f00\u603b\u662f\u5f88\u6162 <\/h1>\n

<\/p>\n

\n
\u8cc7\u6df1\u5927\u4f6c : echooo0 <\/span> <\/i> 6<\/span> <\/div>\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n
<\/p>\n

\u5728 ios \u7cfb\u7edf\u4e0a\u6253\u5f00 Let’s Encrypt \u8bc1\u4e66\u7684\u57df\u540d\uff0c\u9996\u5f00\u603b\u662f\u5f88\u6162\uff0c\u7b2c\u4e8c\u6b21\u4ee5\u540e\u5c31\u5f88\u5feb\u4e86\u3002<\/p>\n

\u4e4b\u524d\u56e0\u4e3a LE \u8bc1\u4e66\u7684 OCSP \u57df\u540d\u88ab\u6c61\u67d3\uff0c\u5728\u670d\u52a1\u5668\u7aef\u505a\u4e86 ocsp stapling,<\/p>\n

\u7136\u540e\u7528\u8fd9\u4e2a\u7f51\u5740 https:\/\/www.ssllabs.com\/ssltest \u6d4b\u8bd5\u4e86\u4e0b\uff0c\u7f51\u7ad9\u7684 ocsp stapling \u662f\u6b63\u5e38\u5f00\u542f\u7684<\/p>\n

\u4f46\u662f\u4e0d\u77e5\u9053\u4e3a\u4ec0\u4e48\u9996\u5f00\u8fd8\u662f\u5f88\u6162\uff1b\u5728 pc \u7aef\u7684 chrome \u4e0a\u6d4b\u8bd5\uff0c\u9996\u5f00\u5c31\u5f88\u5feb(\u636e\u8bf4 chrome \u65e9\u5c31\u4e0d\u9a8c\u8bc1 ocsp \u4e86)<\/p>\n<\/p><\/div>\n

\u5927\u4f6c\u6709\u8a71\u8aaa<\/b> (18<\/span>) <\/div>\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n
    \n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : chihiro2014 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u5176\u5b9e\u6211\u89c9\u5f97 IOS \u4e0d\u7ba1\u5f00\u5565\u7f51\u9875\u90fd\u5f88\u6162 emm <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : echooo0 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @chihiro2014 \u9996\u5f00\u5f88\u6162\uff0c\u7b2c\u4e8c\u6b21\u5f00\u5f88\u5feb <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : keyfunc <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u9519\u89c9\u5427\uff0cchrome \u4e0d\u9a8c\u8bc1 crl \u548c ocsp\uff0c\u6240\u4ee5\u7f51\u9875\u901f\u5ea6\u548c\u8bc1\u4e66\u57fa\u672c\u6ca1\u4efb\u4f55\u5f71\u54cd <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : txx <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u653e\u5f03\u5427…\u6211\u6298\u817e\u4e86\u597d\u51e0\u5929\u6700\u540e\u6539\u6210\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u7684\u514d\u8d39\u8bc1\u4e66\u8bc1\u4e66\u4e4b\u540e\uff0c\u7acb\u523b\u89e3\u51b3\u4e86\u8fd9\u4e2a\u95ee\u9898\u3002 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : chihiro2014 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @echooo0 \u4e3b\u8981\u662f\u8ba8\u538c safari \u5f00\u7f51\u9875\u7684\u65f6\u5019\uff0c\u540e\u9000\u603b\u7ed9\u4eba\u5361\u4f4f\u7684\u611f\u89c9 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : nigelvon <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u8fd9\u4e2a\u6709\u7ed3\u8bba\u4e86\uff0c\u6211\u4eec\u4e4b\u524d\u8e29\u8fc7\u8fd9\u4e2a\u5751\uff0ciOS \u8bbe\u5907\u53d7\u5f71\u54cd\u6bd4\u8f83\u591a\uff0c\u5b89\u5353\u548c chrome \u6ca1\u4e8b\u3002\u8981\u4e48\u81ea\u5df1\u914d\u670d\u52a1\u5668\u8f6c\u53d1 OCSP\uff0c\u8981\u4e48\u6362\u8bc1\u4e66\u3002 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : echooo0 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @nigelvon \u81ea\u5df1\u914d\u670d\u52a1\u5668\u8f6c\u53d1 OCSP \u662f\u5565\u610f\u601d\uff0c\u662f\u4e0d\u662f\u5c31\u662f ocsp stapling\uff0c\u8fd9\u4e2a\u5df2\u7ecf\u505a\u4e86\uff0c\u4f46\u662f\u8fd8\u662f\u6ca1\u6548\u679c <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : my2492 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @chihiro2014 \u6362\u4e2a\u6d4f\u89c8\u5668\u5c31\u4e0d\u611f\u89c9\u4e86\uff0c\u81ea\u5e26\u6d4f\u89c8\u5668\u8981\u628a\u4e00\u5806\u5783\u573e\u90fd\u52a0\u8f7d\u5b8c\u8fdb\u5ea6\u6761\u624d\u7ed3\u675f\uff0c\u56fd\u5185\u7f51\u7ad9\u5230\u5904\u63d2\u5165\u5783\u573e\u52a0\u8f7d\u6162\u4e0d\u5947\u602a\uff0c1000M \u5bbd\u5e26\u4e5f\u4e00\u6837 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : cwbsw <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @echooo0
    \u6211\u81ea\u5df1\u7684\u5899\u5916 VPS \u5f00\u4e86 OCSP Stapling \u5c31\u89e3\u51b3\u4e86\uff0c\u5899\u5185\u7684\u53ef\u80fd\u8fd8\u9700\u8981\u66f4\u591a\u5904\u7406\u3002
    https:\/\/jhuo.ca\/post\/ocsp-stapling-letsencrypt\/ <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : Meano <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @echooo0 \u7528 openssl \u547d\u4ee4\u786e\u8ba4\u4e0b\u670d\u52a1\u7aef ocsp \u72b6\u6001\uff0c\u670d\u52a1\u7aef\u4e5f\u662f\u9700\u8981\u53bb\u7f13\u5b58\u7684 ocsp file \u7684\uff0c\u5982\u679c\u670d\u52a1\u7aef\u7f13\u5b58\u5c31\u6162\u6216\u8005\u5931\u8d25\u53ef\u80fd\u5e76\u4e0d\u8fd4\u56de ocsp response <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : echooo0 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @Meano <\/p>\n

    \u6211\u7528\u7684\u4e0d\u662f\u7f13\u5b58 ocsp file \u7684\u65b9\u5f0f<\/p>\n

    \u5728 nginx \u91cc\u9762\u662f\u4e0b\u9762\u8fd9\u4e48\u914d\u7f6e\u7684\uff0c\u67e5\u4e86\u6587\u6863\u8bf4 ocsp \u5728\u670d\u52a1\u7aef\u7f13\u5b58\u65f6\u95f4\u4e00\u822c 48 \u5c0f\u65f6\uff0c\u4f46\u662f\u5b9e\u9645\u4f53\u9a8c\u6765\u770b\u597d\u50cf\u8fdc\u4f4e\u4e8e 48 \u5c0f\u65f6<\/p>\n

    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 valid=300s;
    resolver_timeout 2s; <\/div>\n<\/p><\/div>\n<\/li>\n

  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : GM <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @txx \u514d\u8d39\u8bc1\u4e66\u6ca1\u6709\u901a\u914d\u7b26\u8bc1\u4e66\uff0c\u7ba1\u7406\u8d77\u6765\u592a\u9ebb\u70e6\u4e86\u3002 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : echooo0 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @cwbsw <\/p>\n

    OCSP Stapling \u6211\u4e5f\u5f00\u4e86\uff0c\u4e0a\u6211\u8d34\u4e86\u914d\u7f6e\uff0c\u4f46\u662f\u611f\u89c9\u597d\u50cf\u6548\u679c\u5e76\u4e0d\u597d <\/p><\/div>\n<\/p><\/div>\n<\/li>\n

  • \n
    \n
    \n
    \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : echooo0 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @Meano \u7528 openssl \u547d\u4ee4\u6d4b\u8bd5\u4e86\u4e0b\uff0cOCSP Stapling \u7684\u72b6\u6001\u662f\u5f00\u542f\u7684<\/p>\n

    OCSP response:
    OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response <\/div>\n<\/p><\/div>\n<\/li>\n

  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : LnTrx <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @GM Let’s Encrypt \u5728\u4e24\u5e74\u524d\u5c31\u652f\u6301\u901a\u914d\u7b26\u4e86\uff0c\u7ed3\u5408 DNS \u7684\u81ea\u52a8\u5316\u65b9\u6848\u4e5f\u5f88\u6210\u719f\u4e86 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : Meano <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @echooo0 \u6211\u7684\u610f\u601d\u5c31\u662f\u7f13\u5b58\u5728\u5185\u5b58\u6216\u8005\u6587\u4ef6\u4e2d\uff0c\u9700\u8981\u4fdd\u8bc1\u670d\u52a1\u5668\u7684 dns \u6ca1\u6709\u6c61\u67d3\uff0c\u5e76\u4e14\u670d\u52a1\u5668\u8bbf\u95ee ocsp \u670d\u52a1\u5668\u8fde\u63a5\u53ef\u9760\uff0cstapling \u624d\u80fd\u6b63\u5e38\u7f13\u5b58\uff0c\u770b\u4f60\u914d\u4e86 8.8.8.8\uff0c\u5927\u6982\u7387\u8fde ocsp \u7684\u57df\u540d\u4e5f\u662f\u6c61\u67d3\u6389\u7684\u3002 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : echooo0 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @Meano 8.8.8.8 \u8fd9\u4e2a\u4e4b\u524d\u6709\u6d4b\u8fc7\uff0c\u6ca1\u6709\u6c61\u67d3\u3002\u4e0d\u8fc7\u8fd9\u4e2a dns \u5728\u67d0\u4e9b\u7279\u6b8a\u65f6\u671f\u4f1a\u62bd\u98ce\u5012\u662f\u771f\u7684<\/p>\n

    \u670d\u52a1\u5668\u7684 dns \u8fd9\u5757\uff0cocsp \u7684\u57df\u540d\u5df2\u7ecf\u5199\u5230 hosts \u6587\u4ef6\u4e86\u3002<\/p>\n

    \u81f3\u4e8e stapling \u662f\u5426\u6b63\u5e38\u7f13\u5b58\uff0c\u6211\u89c9\u5f97 OCSP Response Status: successful \u5e94\u8be5\u4ee3\u8868\u5df2\u7ecf\u6b63\u5e38\u7f13\u5b58\u4e86\u5427\u3002\u3002\u3002\u96be\u9053\u8fd8\u6709\u5176\u4ed6<\/p>\n

    \u72b6\u6001\uff1f <\/p><\/div>\n<\/p><\/div>\n<\/li>\n

  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : billzhuang <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    wireshark \u8d34\u4e00\u4e2a <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n","protected":false},"excerpt":{"rendered":"

    \u5728 ios \u7cfb\u7edf\u4e0a\u6253\u5f00 Let&#…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/149577"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=149577"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/149577\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=149577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=149577"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=149577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}