SSL VPN --- (C-S) OpenVPN Setup Process

Having covered SSL, let us look at how to build an OpenVPN on top of it. OpenVPN normally runs in client/server mode: the client connects to the server and can then reach the server side, while the server does not initiate connections to clients. This is achieved through a tunnel. Roughly, the client opens an SSL connection to the server; once it is established, all traffic is carried over that session (strictly, the TLS session is OpenVPN's control channel, and the tunnelled packets are protected with keys derived from it), and OpenVPN adds its own header to mark the packets as OpenVPN traffic. A download page for OpenVPN is https://www.techspot.com/downloads/5182-openvpn.html (the official releases are published at https://openvpn.net); here I »
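As an added example (not from the original post or the OpenVPN project), a minimal TLS-mode server and client configuration pair showing where the SSL material from the rest of this category plugs in. File names, the 10.8.0.0/24 tunnel subnet and the host name vpn.example.com are assumptions:

```conf
# server.conf (added example; paths and names are placeholders)
port 1194
proto udp
dev tun
tls-server
# CA chain used to verify the client certificates
ca ca.crt
cert server.crt
key server.key
# generated with: openssl dhparam -out dh.pem 2048
dh dh.pem
# HMAC on the control channel: packets without a valid HMAC are dropped before TLS
tls-auth ta.key 0
tls-version-min 1.2
cipher AES-256-GCM
server 10.8.0.0 255.255.255.0
# reject a peer that presents a server certificate as a client
remote-cert-tls client

# client.ovpn (added example)
client
dev tun
proto udp
remote vpn.example.com 1194
nobind
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
# reject a peer whose certificate is not marked for server use
remote-cert-tls server
# pin the expected server name so another certificate from the same CA is not accepted
verify-x509-name vpn.example.com name
tls-version-min 1.2
cipher AES-256-GCM
```

The two `remote-cert-tls` lines and `verify-x509-name` are the parts most often left out; without them any certificate issued by the same CA, including another client's, would be accepted as the server. On OpenVPN 2.5 and later `cipher` is superseded by `data-ciphers`.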

man man  Category: SSL, VPN  Tags: none

SSL/TLS Brown Bag (Ⅲ)

This article will introduce some special processes. Client authentication: generally the client validates the server's certificate (chain). A non-anonymous server can optionally request a certificate from the client; this is mutual authentication. 🤔 I use Op »

man man  Category: SSL, Security  Tags: none

SSL/TLS Brown Bag (Ⅱ)

Currently most SSL handshakes use ECDHE as the key exchange algorithm. It supports PFS (perfect forward secrecy) and is more secure than RSA key exchange. I will show the handshake process with ECDHE-RSA-AES256-GCM-SHA384 at TLS 1.2. Becau »

man man  Category: SSL, Security  Tags: none

SSL/TLS Brown Bag (Ⅰ)

TLS differs from SSL technically, but the two terms are largely used interchangeably in practice. Secure Sockets Layer (SSL) came first and was developed by Netscape. The IETF standardized SSL, and then Transport Layer Security (TLS) came al »

man man  Category: SSL, Security  Tags: none

Generating Multi-Level Certificates with OpenSSL

Create a certs directory under the user's home directory and enter it; all later certificate generation uses this as the working directory. mkdir certs cd certs mkdir CA mkdir -p CA/{certs,crl,newcerts,private} touch CA/index.txt echo 01 > CA/serial echo 02 > CA/serial rm -rf keys mkdir keys By default OpenSSL puts generated certificates in /etc/pki/CA, and it applies some policies when signing other certificates, for example Count »
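The following is an added example (not code from the original post) that builds the multi-level chain this post is about with the openssl CLI alone, root CA signing an intermediate which signs the leaves, and then runs the checks a practitioner wants: that the leaves verify only when the intermediate is supplied, and that the client certificate from the mutual-authentication post above cannot be passed off as a server certificate. It assumes the openssl binary is on PATH; all subject names, the host name vpn.example.com and the client name alice are made up for the example.

```shell
#!/bin/sh
# Added example: root CA -> intermediate CA -> server/client leaf certificates,
# built with the openssl CLI. Assumes `openssl` is on PATH. Names are placeholders.

# sign_with_ca CSR CA_CERT CA_KEY OUT EXT_FILE
# Sign a CSR with the given CA, applying the X.509v3 extensions in EXT_FILE.
sign_with_ca() {
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
        -days 825 -sha256 -extfile "$5" -out "$4" >/dev/null 2>&1
}

# build_chain DIR: create root, intermediate, one server leaf and one client leaf in DIR.
build_chain() {
    d="$1"
    mkdir -p "$d" || return 1

    # Root CA: key, CSR, then self-signed certificate carrying CA:TRUE.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/root.ext"
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Example Root CA" \
        -keyout "$d/root.key" -out "$d/root.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 3650 -sha256 \
        -extfile "$d/root.ext" -out "$d/root.crt" >/dev/null 2>&1 || return 1

    # Intermediate CA: pathlen:0 lets it sign leaves but not further CAs.
    printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/inter.ext"
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Example Intermediate CA" \
        -keyout "$d/inter.key" -out "$d/inter.csr" >/dev/null 2>&1 || return 1
    sign_with_ca "$d/inter.csr" "$d/root.crt" "$d/root.key" "$d/inter.crt" "$d/inter.ext" || return 1

    # Server leaf: extendedKeyUsage serverAuth plus a SAN for the VPN host name.
    printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:vpn.example.com\n' > "$d/server.ext"
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=vpn.example.com" \
        -keyout "$d/server.key" -out "$d/server.csr" >/dev/null 2>&1 || return 1
    sign_with_ca "$d/server.csr" "$d/inter.crt" "$d/inter.key" "$d/server.crt" "$d/server.ext" || return 1

    # Client leaf for mutual authentication: extendedKeyUsage clientAuth only.
    printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=clientAuth\n' > "$d/client.ext"
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=alice" \
        -keyout "$d/client.key" -out "$d/client.csr" >/dev/null 2>&1 || return 1
    sign_with_ca "$d/client.csr" "$d/inter.crt" "$d/inter.key" "$d/client.crt" "$d/client.ext" || return 1
}

# verify_cert DIR CERT PURPOSE: full chain check with the root as the only trust
# anchor and the intermediate passed as untrusted, the way a TLS peer sends it.
verify_cert() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/inter.crt" \
        -purpose "$3" "$1/$2" >/dev/null 2>&1
}

# chain_breaks_without_intermediate DIR CERT: returns 0 when verification against
# the root alone fails, i.e. when a peer that sends only its leaf would be rejected.
chain_breaks_without_intermediate() {
    ! openssl verify -CAfile "$1/root.crt" "$1/$2" >/dev/null 2>&1
}

# Stand-alone run: sh thisfile.sh --run
if [ "${1:-}" = "--run" ]; then
    d=$(mktemp -d)
    build_chain "$d" && echo "chain built in $d"
    verify_cert "$d" server.crt sslserver && echo "server.crt: OK for purpose sslserver"
    verify_cert "$d" client.crt sslclient && echo "client.crt: OK for purpose sslclient"
    verify_cert "$d" client.crt sslserver || echo "client.crt: rejected for purpose sslserver (EKU mismatch)"
    chain_breaks_without_intermediate "$d" server.crt && echo "server.crt alone: rejected, the intermediate must be served with it"
fi
```

The two negative checks are the ones worth keeping in a deployment script: a server that ships only its leaf works in tests against a trust store that happens to contain the intermediate and then fails in production, and a CA that issues leaves without extendedKeyUsage lets any client certificate impersonate the server.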

man man  Category: SSL, Security  Tags: none