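One item in the security standard requires using HTTPS wherever possible and abandoning HTTP (new versions of Chrome will mark non-HTTPS sites as insecure).
To meet the security standard, the service was migrated from HTTP to HTTPS. But once HTTPS is enabled, can you rest easy?
NSFOCUS (绿盟) tells you: of course not. Get to know the TLS client-initiated renegotiation attack (CVE-2011-1473).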
Checking whether a service has renegotiation enabled (used to detect the CVE-2011-1473 vulnerability)
https://www.cnblogs.com/yurang/p/11532462.html
Jetty 9 Architecture Analysis
https://blog.csdn.net/elinespace?t=1
Jetty 9 Architecture Analysis: Jetty Configuration and Deployment (Part 1)
https://blog.csdn.net/elinespace/article/details/52879587
Jetty 9 Architecture Analysis: Jetty Configuration and Deployment (Part 2)
https://blog.csdn.net/elinespace/article/details/72864550
Anquanke (安全客)
https://www.anquanke.com
How to disable re-negotiate in Spring boot embedded jetty
https://stackoverflow.com/questions/44575917/how-to-disable-re-negotiate-in-spring-boot-embedded-jetty
SSL/TLS Protocol Security: Insecure Renegotiation
https://www.anquanke.com/post/id/82989
How to disable Client-Initiated SSL renegotiation in 8.5.1 ?
https://forums.zimbra.org/viewtopic.php?t=55892
Configuring SSL/TLS
https://portail.capsana.ca/doc/9.4.5.v20170502/configuring-ssl.html
Configuring Jetty SSL Ciphers
https://help.percussion.com/rhythmyx/implementation/jetty/configuring-jetty-ssl-ciphers.html
Enabling HTTPS
https://www.cnblogs.com/zqyx/p/9670636.html
Netty's SSL renegotiation attack vulnerability
https://www.cnblogs.com/zqyx/p/10256077.html
Property encryption in configuration files
https://www.cnblogs.com/zqyx/p/9687136.html
Tomcat SSL vulnerability hardening
http://www.defvul.com/tomcat-ssl