{"id":6114,"date":"2015-03-07T10:00:30","date_gmt":"2015-03-07T01:00:30","guid":{"rendered":"http:\/\/www.techscore.com\/blog\/?p=6114"},"modified":"2018-11-14T16:33:49","modified_gmt":"2018-11-14T07:33:49","slug":"apache%e3%81%aessl%e8%a8%ad%e5%ae%9a%e3%82%92%e8%80%83%e3%81%88%e3%81%9f","status":"publish","type":"post","link":"https:\/\/www.techscore.com\/blog\/2015\/03\/07\/apache%e3%81%aessl%e8%a8%ad%e5%ae%9a%e3%82%92%e8%80%83%e3%81%88%e3%81%9f\/","title":{"rendered":"Apache\u306eSSL\u8a2d\u5b9a\u3092\u8003\u3048\u305f"},"content":{"rendered":"<p>\u3053\u3093\u306b\u3061\u306f\uff01\u30a4\u30f3\u30d5\u30e9\u30a8\u30f3\u30b8\u30cb\u30a2\u306e\u5c04\u5834\u3067\u3059\u3002<\/p>\n<p>\u8da3\u5473\u3084\u304a\u4ed5\u4e8b\u3067Web\u30b5\u30a4\u30c8\u3092\u904b\u7528\u3055\u308c\u3066\u3044\u308b\u65b9\u306f\u3044\u3089\u3063\u3057\u3083\u3044\u307e\u3059\u304b\uff1f<br \/>\n\u305d\u306eWeb\u30b5\u30a4\u30c8\u306fSSL\u8a3c\u660e\u66f8\u3092\u4f7f\u3063\u3066\u3044\u307e\u3059\u304b\uff1f<\/p>\n<p>SSL\u8a3c\u660e\u66f8\u3092\u4f7f\u3063\u3066\u3044\u308b\u3068\u7b54\u3048\u305f\u30a2\u30ca\u30bf\uff01<br \/>\n\u4e0b\u8a18\u306e\u30ea\u30f3\u30af\u306b\u3042\u306a\u305f\u306e\u7ba1\u7406\u3059\u308bWeb\u30b5\u30a4\u30c8\u306eURL\u3092<br \/>\n\u307a\u3063\u3061\u3087\u308a\u3068\u8cbc\u308a\u4ed8\u3051\u3001\u30b9\u30ad\u30e3\u30f3\u3092\u5b9f\u884c\u3057\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p><a href=\"https:\/\/sslcheck.globalsign.com\/ja\/\" onclick=\"_gaq.push(['_trackEvent', 'outbound-article', 'https:\/\/sslcheck.globalsign.com\/ja\/', 'https:\/\/sslcheck.globalsign.com\/ja\/']);\" >https:\/\/sslcheck.globalsign.com\/ja\/<\/a><\/p>\n<p>\u3044\u304b\u304c\u3067\u3057\u305f\u304b\uff1f<br \/>\n\u30e9\u30f3\u30af\u306fA\u3067\u3057\u305f\u304b\uff1fB\u3067\u3057\u305f\u304b\uff1f\u305d\u308c\u3068\u3082E\u3084F\uff1f<\/p>\n<p>\u3061\u306a\u307f\u306b\u3001\u79c1\u3082\u307b\u305d\u307c\u305d\u3068Web\u30b5\u30a4\u30c8\u3092\u904b\u7528\u3057\u3066\u304a\u308a\u3001\u3064\u3044\u5148\u65e5SSL\u8a3c\u660e\u66f8\u3092\u5165\u308c\u307e\u3057\u305f\u3002<br \/>\n\u5fd9\u3057\u3055\u3092\u8a00\u3044\u8a33\u306b\u3001\u521d\u671f\u8a2d\u5b9a\u306e\u307e\u307e\u653e\u7f6e\u3057\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n<p>\u305d\u3093\u306a\u3060\u3089\u3057\u306a\u3044\u79c1\u306eWeb\u30b5\u30a4\u30c8\u306e\u8a55\u4fa1\u306f\u3054\u89a7\u306e\u3068\u304a\u308a\u3002<\/p>\n<p>\u203b\u6065\u305a\u304b\u3057\u3044\u306e\u3067URL\u306f\u4f0f\u305b\u3066\u3044\u307e\u3059\/\/\/<\/p>\n<p><a href=\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2015\/03\/Fgrade.png\" rel=\"facebox\"><img loading=\"lazy\" src=\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2015\/03\/Fgrade.png\" alt=\"fgrade\" width=\"887\" height=\"437\" class=\"alignleft size-full wp-image-889\" \/><\/a><br \/>\n<\/p>\n<p>\u3053\u308c\u306f\u3042\u304b\u3093<\/p>\n<p>\u3068\u3044\u3046\u3053\u3068\u3067\u3001\u3044\u3063\u3061\u3087\u672c\u6c17\u3092\u51fa\u3057\u3066\u307f\u307e\u3057\u305f\u306e\u3067\u3001\u305d\u306e\u8a2d\u5b9a\u5185\u5bb9\u3092\u6652\u3057\u305f\u3044\u3068\u601d\u3044\u307e\u3059\uff01<\/p>\n<h3>Web\u30b5\u30fc\u30d0\u30fc\u306b\u3064\u3044\u3066<\/h3>\n<p>\u4eca\u56de\u8a2d\u5b9a\u3092\u65bd\u3057\u305fWeb\u30b5\u30fc\u30d0\u30fc\u306f<\/p>\n<ul>\n<li>CentOS6 32bit<\/li>\n<li>Apache-2.2.29(\u30bd\u30fc\u30b9\u304b\u3089\u30d3\u30eb\u30c9)<\/li>\n<li>mod_ssl<\/li>\n<\/ul>\n<p>\u306a\u611f\u3058\u306eWeb\u30b5\u30fc\u30d0\u30fc\u3067\u3059\u3002<\/p>\n<h3>\u5909\u66f4\u524d\u306e\u8a2d\u5b9a<\/h3>\n<p>\u5192\u982d\u3067\u7533\u3057\u4e0a\u3052\u305f\u901a\u308a\u3001SSLProtocol\u3001CipherSuite\u304c\u521d\u671f\u306e\u307e\u3093\u307e\u3067\u3059\u3002<\/p>\n<pre><code><VirtualHost *:443>\r\n    SSLEngine on\r\n    SSLProtocol all -SSLv2\r\n    SSLCipherSuite SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5\r\n    SSLCertificateFile \/usr\/local\/apache2\/cert\/cert.pem\r\n    SSLCertificateKeyFile \/usr\/local\/apache2\/cert\/keynp.pem\r\n    SSLCertificateChainFile \/usr\/local\/apache2\/cert\/chain.pem\r\n<\u7701\u7565>\r\n<\/VirtualHost>\r\n<\/code><\/pre>\n<h2>\u672c\u6c17\u51fa\u3057\u305f\u7d50\u679c<\/h2>\n<p>SSL\u306e\u8a2d\u5b9a\u3092\u8abf\u6574\u3059\u308b\u306b\u3042\u305f\u308a\u3001\u4ee5\u4e0b\u306e\u70b9\u3092\u610f\u8b58\u3057\u3066\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3057\u305f\u3002<\/p>\n<ul>\n<li>WinXP\u306eIE6\u3084Java6\u306a\u3069\u306e\u53e4\u3044\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306f\u30b5\u30dd\u30fc\u30c8\u3057\u306a\u3044<\/li>\n<li>SSL Compression\u306f\u7121\u52b9\u306b\u3059\u308b<\/li>\n<li>SSLv2\u3001SSLv3\u306f\u4f7f\u7528\u3057\u306a\u3044<\/li>\n<li>\u30b5\u30fc\u30d0\u304c\u63d0\u4f9b\u3059\u308b\u6697\u53f7\u5316\u30b9\u30a4\u30fc\u30c8\u3092\u512a\u5148\u7684\u306b\u4f7f\u7528\u3059\u308b\u3088\u3046\u306b\u3059\u308b<\/li>\n<li>\u4f7f\u7528\u3059\u308b\u6697\u53f7\u5316\u30b9\u30a4\u30fc\u30c8\u306b\u306f\u73fe\u5728\u5b89\u5168\u6027\u304c\u9ad8\u3044\u3068\u3055\u308c\u3066\u3044\u308b\u6697\u53f7\u5316\u30b9\u30a4\u30fc\u30c8\u3092\u6307\u5b9a\u3059\u308b<\/li>\n<li>\u53e4\u304f\u3066\u5371\u306a\u3044\u6697\u53f7\u5316\u30b9\u30a4\u30fc\u30c8\u306f\u5fb9\u5e95\u7684\u306b\u306f\u3076\u304f<\/li>\n<\/ul>\n<pre><code>SSLCompression off\r\n\r\n<VirtualHost *:443>\r\n    SSLEngine on\r\n    SSLProtocol all -SSLv2 -SSLv3\r\n    SSLHonorCipherOrder On\r\n    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!EXP:!LOW:!aNULL:!eNULL:!ADH:!DSS:!MD5:!PSK:!SRP:!RC4:!3DES\r\n    Header add Strict-Transport-Security \"max-age=15768000\"\r\n    SSLCertificateFile \/usr\/local\/apache2\/cert\/cert.pem\r\n    SSLCertificateKeyFile \/usr\/local\/apache2\/cert\/keynp.pem\r\n    SSLCertificateChainFile \/usr\/local\/apache2\/cert\/chain.pem\r\n<\u7701\u7565>\r\n<\/VirtualHost>\r\n<\/code><\/pre>\n<p>\u30b9\u30b3\u30a2\u3082\u5287\u7684\u306b\u6539\u5584\uff01<\/p>\n<p><a href=\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2015\/03\/Agrade.png\" rel=\"facebox\"><img loading=\"lazy\" src=\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2015\/03\/Agrade.png\" alt=\"fgrade\" width=\"886\" height=\"436\" class=\"alignleft size-full wp-image-889\" \/><\/a><\/p>\n<p>\u8a2d\u5b9a\u9805\u76ee\u306e\u7c21\u5358\u306a\u8aac\u660e\u3084\u30dd\u30a4\u30f3\u30c8\u3092\u8aac\u660e\u3057\u307e\u3059\u3002<\/p>\n<h4>SSLCompression<\/h4>\n<p>\u30d6\u30e9\u30a6\u30b6\u3068\u306e HTTPS \u63a5\u7d9a\u306b SSL\/TLS \u30c7\u30fc\u30bf\u5727\u7e2e\u3092\u4f7f\u3063\u3066\u3044\u308b\u5834\u5408\u306b<br \/>\n\u4e2d\u9593\u8005\u653b\u6483\u8005\u304c\u5e73\u6587\u306e HTTP \u30d8\u30c3\u30c0\u3092\u53d6\u5f97\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u306e\u3067\u3001\u30c7\u30fc\u30bf\u5727\u7e2e\u3092\u3057\u306a\u3044\u3088\u3046\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n<p>VirtualHost\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u306e\u5916\u306b\u66f8\u304b\u306a\u3044\u3068\u6012\u3089\u308c\u3066\u3057\u307e\u3046\u306e\u3067\u3001\u3054\u6ce8\u610f\u3092\uff01<\/p>\n<p>\u6b8b\u5ff5\u306a\u304c\u3089SSLCompression off \u306e\u8a2d\u5b9a\u304c\u3067\u304d\u308b\u306e\u306f 2.2.24\u30012.4.3 \u4ee5\u964d\u306eApache\u3068\u306a\u308a\u307e\u3059\u3002\u3002<\/p>\n<h4>SSLProtocol<\/h4>\n<p>SSLv2\u3001SSLv3\u306f\u6df1\u523b\u306a\u8106\u5f31\u6027\u3092\u62b1\u3048\u305f\u3082\u306e\u306a\u306e\u3067\u3001\u4f7f\u308f\u306a\u3044\u3088\u3046\u306b\u3057\u307e\u3059\u3002<\/p>\n<h4>SSLCipherSuite<\/h4>\n<p>TLS1.0\u4ee5\u964d\u306e\u6697\u53f7\u5316\u65b9\u5f0f\u306b\u5bfe\u5fdc\u3057\u305f\u6697\u53f7\u5316\u30b9\u30a4\u30fc\u30c8\u3092\u4f7f\u3046\u3088\u3046\u306b\u3057\u307e\u3059\u3002<br \/>\n\u8106\u5f31\u6027\u306e\u767a\u898b\u3055\u308c\u305f\u5371\u967a\u306a\u6697\u53f7\u5316\u30b9\u30a4\u30fc\u30c8\u306f\u660e\u793a\u7684\u306b\u7981\u6b62\u3057\u307e\u3059\u3002<\/p>\n<h4>SSLHonorCipherOrder<\/h4>\n<p>SSLHonorCipherOrder\u3092\u6709\u52b9\u306b\u3059\u308b\u3053\u3068\u3067\u3001\u30cd\u30b4\u30b7\u30a8\u30fc\u30b7\u30e7\u30f3\u306e\u969b\u306b<br \/>\n\u6697\u53f7\u306e\u9078\u629e\u3092\u30b5\u30fc\u30d0\u5074\u3067\u6c7a\u5b9a\u3059\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<p>\u3053\u306e\u8a2d\u5b9a\u3092\u6709\u52b9\u306b\u3059\u308b\u3053\u3068\u3067\u3001SSL\u30c0\u30a6\u30f3\u30b0\u30ec\u30fc\u30c9\u653b\u6483\u3092\u9632\u304e\u307e\u3059\u3002<\/p>\n<h4>Header add Strict-Transport-Security(HSTS)<\/h4>\n<p>HSTS \u306f\u30b5\u30fc\u30d0\u30fc\u304b\u3089 \u201cStrict-Transport-Security\u201d \u3068\u3044\u3046\u30d8\u30c3\u30c0\u3092\u8fd4\u3059\u3053\u3068\u3067\u3001<br \/>\n\u4ee5\u5f8c\u305d\u306e\u30d6\u30e9\u30a6\u30b6\u3067 \u540c\u3058URL\u3092\u5165\u529b\u3059\u308b\u3068 HTTP \u3067\u306f\u306a\u304f HTTPS \u3067\u6697\u53f7\u5316\u3057\u305f\u901a\u4fe1\u3092\u884c\u3046\u3088\u3046\u306b\u3059\u308b\u6a5f\u80fd\u3067\u3059\u3002<\/p>\n<p>\u3053\u308c\u306b\u3088\u308a\u3001\u5e38\u6642HTTPS\u901a\u4fe1\u3092\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n<h2>\u6700\u5f8c\u306b<\/h2>\n<p>\u3053\u3053\u307e\u3067\u3054\u89a7\u3044\u305f\u3060\u304d\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3059\uff01<\/p>\n<p>\u3053\u306e\u8a18\u4e8b\u3067\u7d39\u4ecb\u3055\u305b\u3066\u3044\u305f\u3060\u3044\u305f\u8a2d\u5b9a\u4f8b\u306f\u79c1\u304c\u500b\u4eba\u3067\u7ba1\u7406\u3057\u3066\u3044\u308b\u30b5\u30fc\u30d0\u30fc\u306e\u8a2d\u5b9a\u4f8b\u3067\u3042\u308a\u3001<br \/>\n\u5f53\u793e\u304c\u63d0\u4f9b\u3057\u3066\u3044\u308b\u30b5\u30fc\u30d3\u30b9\u306e\u8a2d\u5b9a\u3068\u306f\u7570\u306a\u308a\u307e\u3059\u306e\u3067\u3054\u4e86\u627f\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>\u3053\u3053\u3067\u306e\u8a2d\u5b9a\u306fApache2.2\u7cfb\u30012.4\u7cfb\u3067\u3042\u308c\u3070\u307b\u307c\u305d\u306e\u307e\u307e\u6d41\u7528\u3057\u3066\u3082\u554f\u984c\u7121\u3044\u3067\u3059\u3002<br \/>\nSSLCipherSuite \u306b\u9650\u308c\u3070Nginx\u3067\u3082\u8a2d\u5b9a\u3092\u6d41\u7528\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u6700\u8fd1\u5df7\u3092\u9a12\u304c\u305b\u305fPOODLE\u8106\u5f31\u6027\u3084\u3001FREAK\u8106\u5f31\u6027\u3001\u307e\u3060\u77e5\u3089\u306a\u3044\u8106\u5f31\u6027\u304b\u3089\u8eab\u3092\u5b88\u308b\u305f\u3081\u3001<br \/>\n\u3044\u3064\u3082\u30bb\u30ad\u30e5\u30a2\u306a\u72b6\u614b\u306b\u4fdd\u3066\u308b\u3088\u3046\u624b\u6bb5\u3092\u8b1b\u3058\u3066\u3044\u304b\u306d\u3070\u3068\u6539\u3081\u3066\u601d\u3044\u307e\u3057\u305f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u3053\u3093\u306b\u3061\u306f\uff01\u30a4\u30f3\u30d5\u30e9\u30a8\u30f3\u30b8\u30cb\u30a2\u306e\u5c04\u5834\u3067\u3059\u3002<br \/>\n\u8da3\u5473\u3084\u304a\u4ed5\u4e8b\u3067Web\u30b5\u30a4\u30c8\u3092\u904b\u7528\u3055\u308c\u3066\u3044\u308b\u65b9\u306f\u3044\u3089\u3063\u3057\u3083\u3044\u307e\u3059\u304b\uff1f<br \/>\n\u305d\u306eWeb\u30b5\u30a4\u30c8\u306fSSL\u8a3c\u660e\u66f8\u3092\u4f7f\u3063\u3066\u3044\u307e\u3059\u304b\uff1f<br \/>\nSSL\u8a3c\u660e\u66f8\u3092\u4f7f\u3063\u3066\u3044\u308b\u3068\u7b54\u3048\u305f\u30a2\u30ca\u30bf\uff01<br \/>\n\u4e0b\u8a18\u306e\u30ea\u30f3\u30af\u306b\u3042\u306a\u305f\u306e\u7ba1\u7406\u3059\u308bWeb\u30b5\u30a4\u30c8\u306eURL\u3092<br \/>\n\u307a\u3063\u3061\u3087\u308a\u3068\u8cbc\u308a\u4ed8\u3051\u3001\u30b9\u30ad\u30e3\u30f3\u3092\u5b9f\u884c\u3057\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u3002<br \/><a href=\"https:\/\/www.techscore.com\/blog\/2015\/03\/07\/apache%e3%81%aessl%e8%a8%ad%e5%ae%9a%e3%82%92%e8%80%83%e3%81%88%e3%81%9f\/\">\u7d9a\u304d\u3092\u8aad\u3080...<\/a><\/p>\n","protected":false},"author":20,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[18],"tags":[157,158],"_links":{"self":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/6114"}],"collection":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/comments?post=6114"}],"version-history":[{"count":7,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/6114\/revisions"}],"predecessor-version":[{"id":6346,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/6114\/revisions\/6346"}],"wp:attachment":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/media?parent=6114"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/categories?post=6114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/tags?post=6114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}