Webサーバの SSL/TLS 対応状況を確認する
今回は下記から Windows 版を選んだ
ファイル自体はこちらにホストされている
- cURL groks URLs - CURL 7.40.0 (Download RTMP, SSH2, SSL, SSPI Version)
事前に以下の手順で証明書をセットしておく
- Download the SSL-aware version of Curl, or build the SSL-aware version yourself.
- From http://curl.haxx.se/docs/caextract.html , Download the cacert.pem file.
- Place the curl.exe and the .pem file in the same directory.
- Rename the cacert.pem file to curl-ca-bundle.crt
- Re-run curl.exe !
Why can't cURL properly verify a certificate on Windows? - Super User
実行する
SSLv3(エラー:対応していない)
C:\tmp>C:\tmp\curl_740_0_rtmp_ssh2_ssl_sspi\curl.exe https://example.com --sslv3 --head curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
TLSv1.0(成功:対応している)
C:\tmp>C:\tmp\curl_740_0_rtmp_ssh2_ssl_sspi\curl.exe https://example.com --tlsv1.0 --head HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=604800 Content-Type: text/html Date: Mon, 02 Feb 2015 15:54:17 GMT Etag: "359670651" Expires: Mon, 09 Feb 2015 15:54:17 GMT Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT Server: ECS (cpm/F845) X-Cache: HIT x-ec-custom-error: 1 Content-Length: 1270
Mac の場合:
SSLv3
Mac:~ able$ curl https://example.com --sslv3 --head curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect
TLSv1.0
Mac:~ able$ curl https://example.com --tlsv1.0 --head HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=604800 Content-Type: text/html Date: Tue, 03 Feb 2015 16:20:47 GMT Etag: "359670651" Expires: Tue, 10 Feb 2015 16:20:47 GMT Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT Server: ECS (pae/37B9) X-Cache: HIT x-ec-custom-error: 1 Content-Length: 1270