読者です 読者をやめる 読者になる 読者になる

Webサーバの SSL/TLS 対応状況を確認する

今回は下記から Windows 版を選んだ

ファイル自体はこちらにホストされている

事前に以下の手順で証明書をセットしておく

  1. Download the SSL-aware version of Curl, or build the SSL-aware version yourself.
  2. From http://curl.haxx.se/docs/caextract.html , Download the cacert.pem file.
  3. Place the curl.exe and the .pem file in the same directory.
  4. Rename the cacert.pem file to curl-ca-bundle.crt
  5. Re-run curl.exe !
    Why can't cURL properly verify a certificate on Windows? - Super User

実行する

SSLv3(エラー:対応していない)

C:\tmp>C:\tmp\curl_740_0_rtmp_ssh2_ssl_sspi\curl.exe https://example.com --sslv3 --head
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

TLSv1.0(成功:対応している)

C:\tmp>C:\tmp\curl_740_0_rtmp_ssh2_ssl_sspi\curl.exe https://example.com --tlsv1.0 --head
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/html
Date: Mon, 02 Feb 2015 15:54:17 GMT
Etag: "359670651"
Expires: Mon, 09 Feb 2015 15:54:17 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Server: ECS (cpm/F845)
X-Cache: HIT
x-ec-custom-error: 1
Content-Length: 1270

Mac の場合:

SSLv3

Mac:~ able$ curl https://example.com --sslv3 --head
curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect

TLSv1.0

Mac:~ able$ curl https://example.com --tlsv1.0 --head
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/html
Date: Tue, 03 Feb 2015 16:20:47 GMT
Etag: "359670651"
Expires: Tue, 10 Feb 2015 16:20:47 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Server: ECS (pae/37B9)
X-Cache: HIT
x-ec-custom-error: 1
Content-Length: 1270

参考: