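SSL VPN --- (C-S) OpenVPN Setup Process

Having studied SSL, let's look at how to build an SSL-based OpenVPN. OpenVPN generally provides a client/server mode: the client connects to the server and can access the server side, but the server cannot actively access the client. This is implemented through a tunnel. The general flow is that the client initiates an SSL connection to the server; once the connection is established, all traffic is carried over SSL, and OpenVPN also adds a specific header to indicate that this is an OpenVPN packet. The download site for OpenVPN is https://www.techspot.com/downloads/5182-openvpn.html Here I »

man man Category: SSL, VPN Tags: none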

SSL/TLS Brown Bag (Ⅲ)

This article will introduce some special processes. Client Authentication: Generally the client will validate the server's certificate (chain). A non-anonymous server can optionally request a certificate from the client. This is mutual authentication. 🤔 I use Op »

man man Category: SSL, Security Tags: none

SSL/TLS Brown Bag (Ⅱ)

Currently most SSL handshakes use ECDHE as the key exchange algorithm. It supports PFS and is also more secure than the RSA key exchange algorithm. I will show the handshake process with ECDHE-RSA-AES256-GCM-SHA384, and the version is TLS 1.2. Becau »

man man Category: SSL, Security Tags: none

SSL/TLS Brown Bag (Ⅰ)

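TLS differs from SSL technically, but the two terms are largely used interchangeably in production. Secure Socket Layer (SSL) came first and was developed by Netscape. IETF standardized SSL and then Transport Layer Security (TLS) came al »

man man Category: SSL, Security Tags: none

Renewing a Wildcard Certificate with Letsencrypt

The certificate I previously generated with letsencrypt for this website was about to expire. I had generated it for a wildcard domain, so renewing it requires DNS validation. But renewal is an automated process, and you don't know what the TXT record needs to be changed to, so the automatic renewal command kept failing. After reading some tutorials, I found that a script is needed during renewal to modify the DNS record, which means calling some of the domain registrar's APIs. Godaddy happens to have an API, so I'll share the steps below. Prerequisites: a domain registered with Godaddy; the certificate was generated by letsencrypt. Procedure: go to this page and generate an API Key pair for your Godaddy account, generate pro »

man man Category: Blog Tags: none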