Home

CRYPTREC Report 2014 暗号技術活用委員会報告

1.
2.
3.
4.
5.
6.
7.
8. ul 7 1 5
9. 24
10. f 1
11. 2 1 2 1 1
12. E AES Camellia
13. http www cryptrec go jp 71mages cryptrec_ciphers_list_2013 pdf 11 2 SSL TLS
14. 21
15. SSL TLS Perfect Forward Secrecy Perfect Forward Secrecy PES Forward secrecy
16. ToT 28 2 4 2 1
17. 14 2 1 2 A 1 A 2 A 1
18. WG WG CRYPTREC 2 3
19. 1
20. 4 7 SSL TLS 46
21. SSL TLS SSL TLS
22. IPA NICT _ NICT IPA IPA NICT WG WG WG WG 1 2014 CRYPTREC
23. A gt lt gt lt gt lt gt gt
24. 1 gt gt 5 4 CA 2 SSL TLS gt 24 2015 5
25. gt gt 5 4 2 CA TAN SSL TLS 23 2015 5 1 1
26. SSL TLS OpenSSL 1 2 3 Netcraft Heartbleed
27. 31 6 ARIB ARIB lt gt lt gt lt gt lt gt e ITU ISO IEC IETTE
28. ISO IEC JTC 1 8C 17 NHK I2014 12 2015 1
29. 6 l win win
30. WD IS NB NB 105 0011 3 5 8 808 3 03 3431 2808 FAX 03 3431 6493 lt
31. gt gt 3 4 2 CA SSL TLS 25 5 2 7 Issuer
32. 2 IPsec VPN IPsec VPN SSL VPN SSL TLS 60 P SSL TLS TP SSL TLS VPN3 Ma n
33. 4 H E http www cryptrec go jp report c13_eval_web_final pdf http 7www nisc go jp active general pdf angou_ikoushishin pdf 29 CSR Certificate Signing Request
34. 15 3 Web EV 2015 5 OV
35. 4 IT V GPKI1 1 2014 2 2
36. IEEE SA lt gt 23 lt gt EU US 24 4 TCG TCG lt gt lt gt lt gt lt gt HT
37. UFJ CIO EMC
38. 2012 CRYPTREC V Vv VvV VV Vv By 2013 2014 GSOC NTSC 2013 6
39. Agility SSL TLS WLC SU px E 45 2 3 1
40. B P 3
41. i 1 ARIB STD B61 2 ARIB STD B25 OWN NL MAM ak hi M MM I 0 1 MM AM 4 KN 2 MX MN 00 2 NOU YA MOO 4 0 MA 7 x U DE N a Ny MAN NS NI NN RN 4 IEEE802 SS gt NT SaS EMB SC27 TPM1 2 TCG ISO
42. RN 0 6 2 6 4 CRYPTREC 128
43. gt lt gt lt gt B
44. SHA 1 SHA 256 SHA 1 SHA 256 lt 7 1 4
45. ARIB e TG TG 32
46. RSA 2048 Bits RSA 2048 SSL TLS 89 Ge SSL x IPv4 SECOM Trust Systems CO LTD JP SECOM Trust Systems CO LTD Np 1 SR S PT E ta Rt Web Fr SECOM Trust Systems CO LTI SECOM Trust Systems CO LTD Shibuya Tokyo jp _ ID
47. VI CRYPTREC CRYPTREC 1 SN VII 9 30 Appendnx A SSL TLS
48. Internet Explorer mternet Explorer 8 2 2 PC Web gt Apple Safari gt Google Chrome Web Android Mobile Safari 1OS SSL TLS 55 Microsoft Internet Explorer
49. 2 1
50. SC17 10 1 4 SC17 WG WG NB PWI NP WD CD Project editor Project co editor SC 17 JBMIA 108 0073 3
51. k HH 2 2 2 1
52. HIPS140 2
53. ZSCS Q NIST ANSI ITU 10
54. 2 1 TLS 3 TLS 4 TLS TLS GET access_of attacker X gnore 1 6 L lt Renegotiation ago b TLS ee 7 2 TLS 3 8 3 ji
55. SSL TLS 6 2 2 1 SSL TLS 2 1 1 SSL TLS Secure Sockets Layer SSL Netscape SSL 3 1 0 SSL2 0 1995 1996 SSL3 0 RFC6101 Internet Engineering Task Force IETF Transport Layer Security Protocol Version 1 0 TLS1 0 RFC2246 TLS1 0 SSL3 0 TLS1 0
56. lt gt ee ROLEZFCTHTSEET72TLTS2 El Wa 2 2 TLSI 1 ee SIA 2567 rs 256 ed Ed Im 1 ii iat doth FT TE ssi
57. IEEE SA 21 IEEE802 11 IEEE802 11 Wi Fi Aliiance IEEE802 15 IEEE802 15 ZigBee Bluetooth Wi SUN IEEE 107 0062 1 1 1 19 Tel 03 3408 3118 Fax 03 3408 3553 E mail ieee japan ieee org lt gt IEEE802 11 IE
58. 1 2 SSL TLS SSL TLS SSL TLS 5 1 3 CRYPTREC AR 1
59. 7 2 3 CRIME TIME BREACH SSL TLS
60. ML WG 39 IETF RFC ML WG 40 2015 6 30 1 1
61. ML 36 e 2 3 2 8 RFC RFEC lt PS Proposed Standard DS Draft Standard Standard DS RFC PS DS STD
62. 3 6 3 Appendix 4 6
63. AES
64. II 1 III NISC
65. CC CMVP 2 8 2 3 1 NIST 10
66. Il CA uk Nt 10 7 FLOPS CRYPTREC RSA 2048 1 4
67. IV T V 29
68. E EE BL gt EX 8 2 7 9 1 2 3 1 3 3 2014 2014 2015 10 17 12 16 2 25 WG WG WG WG 3 3
69. E FE CSR 2014 4 OpenSSL Heartbleed TLS1 2 Heartbeat OpenSSL OpenSSL Heartbeat 0 OpenSSL SSL TLS
70. 9 RFC CO MM 37 IETF Meeting Venue Selection Criteria https wwwr ietf org archive id draft palet ietf meeting venue selection critera 04 txt IETF
71. ITU T ETSI IEEE ISO IEC https datatracker ietf org liaison IETF ML RFC5378 RFC3979 IETF 3 WG Interim IETF TITnterim IETTF voting WG WG
72. 38 CRYPTREC 2012 CRYPTREC CRYPTREC 2018 2012 10
73. Mozilla Japan Director
74. SHA 256 SHA 256 DSA ECDSA SHA 1 SHA 1 ECDSA DSA 3 3
75. 9 CRYPTREC DH Ephemeral DH ECDH Ephemeral DH RSAES PKCS 1 v1 5 RSA RSASSA PKCS 1 v1 5 RSA DSA ECDSA 128 AES 128 256 Camellia 128 256 CBC GCM SHA 256 SHA 384 SHA 1 SSL TLS 833 SSL3 0 128 bit RC4
76. lt gt gt Q ISA ANSI IEC 35 8 IETF IETF lt gt lt gt lt gt lt gt ML
77. Appendix WG SSL TLS WG a 2013 CRYPTREC Report CRYPTREC Web http wwwr cryptrec go p report html Web CRYPTREC
78. 7 1 6 CA A CA CA CA CA CA CA CA 0
79. 2 3 2 CRYPTREC 25 2 3 3 RSA
80. 4 6 3 E H 2 SSL TLS
81. NSA NIST 08 IC IETF ETF 1REERE IEEE NIST NSA CMVP CMVP CMVP NIST 23 2 2 3
82. Wsecofmtrustnet SECOM Passport for Web EV CA Fr pl 20127 09 11 20147 09 18 BB SECOM Passport for Web EV CA www secomtrust net OK io ER ID Security Communication RootCA1 Security Communication RootCA1 2003 09 30 2023 09 30 2 1 shal Security Communication Root 2003 9 30 13 20 49 shalRSA 2023 9 30 13 20 49 mration Root RSA 2048 Bits E SSL TLS 90 D 2 Activ
83. SSL3 0 SSL2 0 TLS1 1 TLS1 2 ER OE ERA CC RE Ne ANE TLS1 2 TLS1 1 TLS1 0 SSL3 0 SSL2 0 QO x x x x x x X SSL TLS 19 SSL2 0 TLS1 1 TLS1 2
84. C 1 Windows 4 1 gpeditmsc Enter 2 gt gt gt SSL 3 SSL SSL ISSL 4 SSL 5 SSL SSL C E D Windows Vista SSL TLS_RSA_WITH_AES_128_CBC_SHA Secure Socket Layer SSL PR SSL
85. 1 i SSL SsSL 8 CS a Mozilla Japan Director 1S EC RE 90
86. NIST ANSI TTU YY 1 ISO IEC JTC1 SC27 SC17 SC31 SC6 ISO TC215 TC154 IEC TC57 TC65 IEEE IEEE802 IEEE1888 ISA ISA 99 ISA 100 TCG ARIB ETSI IETF ANSI NIST ITU ITU T 4
87. Web 1 Pe 3 4 5 6 1 SSL TLS Certificate Authority SSL TLS 9 2 2 2 2 1 CRYPTREC CRYPTREC CRYPTREC
88. A F 13 2 TLS1 1 TLS1 0 Triple DES SSL TLS BEAST AES 6 3 2 SSL TLS 40 ECDH ECDSA 13 13 A TLS_ECDHE_ECDSA_WITH_
89. F SSL TLS SSL TLS E Perfect Forward Secrecy
90. OCSP OCSP IP OCSP REC 6066 Transport Layer Security TLS Extension Bxtension Definition 8 Certificate Status Request TLS OCSP OCSP Web SSL TLS OCSP OCSP Web OCSP OCSP OCSP Web OCSP Qr 7 A OCSP Stapling 2014 9
91. HH 2 8 5
92. AES HH HH 5 We AES 2 http www ipa go p security products products html 16 E E
93. Key Info Subject Public Key Algorithm ee Signature Algorithm Subject Public RSA OID 1 2 840 113549 1 1 1 2048 1 2 840 10045 3 1 7 256 NIST P 256 OID Certificate RSA SHA 256 sha256WithRSAEncryption OID 1 2 840 113549 1 1 11 2048 ECDSA SHA 256 ecdsa with SHA256 OID 1 2 840 10043 4 3 2 226 NIST P 236
94. 3 1 1 TLS1 0 SSL3 0 Rl Q 2 7 1 RSA SHA 256 2048 RSA SHA 1 2048 2 Sub ject Public Key Info Sub ject Public Key Algorithm IK 5 SSL TLS 68 2 2 i 4 3
95. AES xxx xxx AES Camellia xxx xxx Camellia RSA xxx xxx RSA DH xxx xxx DH ECDH xxx xxx NIST P xxx ECDH 5 ECDSA xxx xxx NIST P xxx ECDSA HMAC SHA xxx HMAC SHA xxx SSL TLS HMAC SHA xxx SHA xxx 3 NIST SP800 57 Recommendation for Key Management Part 1 General Revision 3 SSL TLS
96. 5 4 2014 10 30 RC4 WG 2015 1 26 ei SSL TLS 2015 3 10 1 8 1 3 1 2013 2014 2 2
97. ECDHE 6 5 2 e gt CRYPTREC gt 128 gt DSA 5 1 DSA gt A B FE gt 2015 5 128
98. I2014 7 I2014 8 2015 1 2015 2 2014 7 2014 8 1 2014 1 1 2013
99. SSL2 0 TLS1 2 TLS1 2 TLS1 2 TLS1 1 E SSL TLS 4 2 3 E 6 SSL TLS x
100. SHA 256 MDS SHA 1 RSA Subject Public Key Info Subject Public Key Algorithm RSA OID 1 2 840 113549 1 1 1 2048 Certificate
101. 18
102. 2 2 2 IT IT CMVP Conference 2002 IT 10
103. 1 5 7 5 SSL TLS 49 5 11 12 RFC5746
104. lt gt G2G OS SSL TLS 15
105. Appendix B S gt Apache HTTP Server 2 3 3 nginx 1 3 7 Microsoft IIS on Windows Server 2008 Mozilla Firefox 26 Microsoft Internet Explorer Windows Vista gt Google Chrome 7 2 5 Public Key Pinning FLAME DigiNotar TURKTRUST PKI SSL TLS 51
106. 1994 SSL2 0 1 3 4
107. Zz E 2014 7 j 2014
108. 6 1 10 oc 8 ce WA 8 SSL TLS 38 10 eo TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x00 0x9F TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 OxC0 0x7D 8 TLS_DHE_RSA_WITH_AES_128_GCM_SHA236 0x00 0x9E TLS_DHB_RSA_WITH_CAMELLIA_128_GCM_SHA256 OxC0 0x7C
109. re ro mg RY ii 5 1 8 ii 6 ECDHE 256 at ii 7 DHE ii 8 DHE 20488 2 2 SSL TLS 18 4 SSL2 0 2014 3 TLS1 2 4 1 SSL TLS 1994 5 4 2 Su EX 4 1 1
110. ii 6 ECDHE 256 A 2 1 TLS1 2 2 TLS1 1 1 RSA SHA 256 2048 ECDSA SHA 256 256 NIST P 256 2 Sub ject Public Key Info Sub ject Public Key Algorithm RSA 2048 256 Certificate Signature Algorithm 3 W 3 3 1 aq
111. SHA 256 ECDSA SHA 256 ECDSA 8 RSASSA PKCS 1 v1 5 RSA DSA ECDSA SHA 256 SHA 1 5 4 5 4 1 CA
112. 2013 2014 2 2014 20183 2013 2014
113. 9 CA CA Web CA CA Baseline Requirement SSL TLS 47 7 2 7 2 1 HTTPStrict Transport Security HSTS
114. CRYPTREC TT info cryptrec go jp 1 GPKI Government Public Key Infrastructure 1 PA NICT 2013 2012
115. O8 15 2 IPA 2 2008
116. Appendix B 1 1 Appendix B 1 1 etc ssl chain crt Appendix B 3 1 linux e DHE 2048 cat dh2048 pem gt gt etc ss1 chann crt ECDH ECDHE 256 cat prime256v1 pem gt gt etc ssl chain crt B 3 3 lighttpd DHE ECDH ECDHE lighttpd Appendix B 3 1 Appendix B 1 2 DHE 2048 ssl dh file etc ss1 dh2048 pem ECDH ECDHE 256 ssl ec curVe prime256v1 B 3 4 nginx DHE ECDH ECDHE nginx Ap
117. 1 1 ISO IEC JTC LSC 27 1 2 ISO EC JTC LSC 17 1 3 ISO IEC JTC LSC 31 1 4 ISOAEC JTC LSC 6 1 5 ISO TC 215 2 EC TC 65 WG 10 ISA99 3 1 IEEE802 3 2 IEEE1888 4 TCG 5 ETSI 6 ARIB 7 ISA 100 8 IETF 2015 2 CRYPTREC WG WG WG WG 1 CR
118. gt 4 5 6 SSL TLS 7 3 3 1 5 SSL TLS 16 5 236 bit 128 bit 128 bit 128 bit 256 bit 256 bit RC4 Triple DES 2048 1024 DHE 256 DHE 256 ECDHE ECDHE 2048 RSA 256 ECDH 128 256 AES
119. RSA 10 EE 2035 ECDSA 192 10 102 FLOPS CRYPTREC Report 2013 3 1 3 2 E 2015 5 RSA 2048 ECDSA 256 RSA1024 SHA 1 5 4 4
120. 08 PC PC PC OS H 3 6
121. 1SO IEC JTC1 SC6 6 Plenary Interim e 5 lh Du
122. ECDSA RSA DSA 7 SECG Certicom RAND http www s 7 ecg Org certicom_patent_letter_ SECG pdf DSA 6 DSA SSL TLS 22 2015 5 1 Oo 1
123. CRYPTREC 2003 NISC SHA 1 RSA1024 CRYPTREC 10 ISO IRC 19 H
124. TLS1 2 TLS1 1 TLS1 0 SSL3 0 SSL2 0 QO x 3 9 2 9 x X 7 4 2 SSL2 0 TLS1 2 6 6 SSL TLS TLS1 2 TLS1 1 TLS1 0 SSL3 0 SSL2 0 CBC BEAST POODLE TLS1 2 TLS1 1 TLS1 0 SSL3 0 SSL2 0 SSL2 0 128 AES Camellia GCM CCM SHA 2 SHA 236 SHA 384 SSL TLS 20
125. 2015 5 RSA 2048 E RSA RSA 2048 1 RSA pe hr E 2048 2048 RSA 2048
126. Public Key Pinning Certificate Pinning PKI Public Key Pinning SPKI Subject Public Key Info 2014 9 Public Key Pinning gt HTTP e Google Chrome 13 Mozilla Firefox 32 34 Android TInternetExplorer EMBET EMET 4 0 2 1 SPKI
127. K SSL TLS AAA 4 OS 201 5 PC SSL TLS E
128. B H 2 26 f E F 2 8 4 WC
129. Cybersecurity gt NISC 2015 1 9 1 GSOC 1 2 9 4 2015 2011 CRYPTREC
130. SSL TLS E CA 0 82 27 NI SSL TLS 2 0 5 4 2 CA
131. CerGficate Sisnature Algorithm Certificate Signature Value SSL TLS Subject 3 Subject Public Key Info Subject Public Key Algorithm Subject s Public Key Cerdficate Key Usage Subject Public Key Algorithm RSA Certificate Key Usage Sigsning Key Encipherment 0 s Public Key RSA Signing RSA Key Encipherment 0 7
132. 1 SSL TLS Trusted Third Party CA Web Trust for CA CA
133. 4 1 CA 5 4 1 j CA CA CA CC CA E CA 4 DoF CA CA E CA Windows D 2 TT 1 OR ab
134. https access redhat com a solutions 1232613 POODLE again TLS1 x POODLB SSL3 0 TLS1 x POODLB TLS1 x 2 1 TLS1 x SSL3 0 1 TLS1 x POODLE POODLB again https www 1imperialviolet org
135. 2 2 2 2 1 NISC CRYPTREC CRYPTREOC 2001 ISO IEC
136. 3 R 2018 E E E EE 1 E
137. CA Sa CA CA NG NI FUb2S i 7 CA 28 CA SSL TLS
138. JTC 1 SC ISO TC JTC 1 SC 27 JTC LSC 37 JTC LSC 6 JTC 1 SC 31 ISO TC 68 ISO TC 68 8C 7 lt gt 10 1 3 ISO IEC JTC LSC 31 ISO IEC JTC 1 SC 31 lt gt lt gt lt gt lt gt 5 PWI NP Call for Contribution JTC LSC 17
139. 2013JRF o o o o IOT o Cloud o Embedded System 29 5 ETSI ETSI lt gt lt gt lt gt lt gt TC ISO TC154 ETSI TC ESI FIPS ISO I
140. 6 5 2 G HH NN HAP IE 14 A 6 5 2 E G TLS_RSA_WITH_RC4 128_SHA 0x00 0x05 H TLS_DHE_RSA_ WITH_3DES_EDE_CBC_SHA 0x00 0x16 TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x00 0x0A REC DHE 1024 RSA
141. HTTP HTTPS HTTPS HSTS Appendix B 4 HSTS Firefox 17 HSTS HTTPS 2014 9 HSTS gt Apache 2 2 22 Ligh
142. TLS_RSA_WITH_AES_128_CBC_SHA IDEA DES MD5 SHA 1 SHA 256 3 55 E 2013 7 POODLE Padding Oracle On Downgraded Legacy Encryption SSL3 0 http www ipa go jp security announce 20141017 ssl html SSL TLS 8 E 3 2 1 2 SSL TLS HTTP SMTP POP SSL TLS
143. lt 7 EE Internet Explorer H E http 7msdn microsoft com ja jp 1e cc844 3 E TLS1 1 HH TLS1 Internet Explorer 003 aspx gt 32 lt Y Gr 2
144. ssl honor cipher order enable HTTP Strict Transport Security Public Key Pinning 7 2 Appendix B 4 lighttpd OCSP Stapling nginx server listen 443 ssl SSL TLS 72 ssl_certificate etc ssl chain crt ul ssl_certificate_key etc ssl server key Appendix C 2 ssl_ciphers Appendix B 2 3 ssl_protocols Ii ssl_prefer_server_ciphers on HTTP Strict Transport Security OCSP Stapling Public Key Pinning 7 2 Appendix B 4 B 2 B 2 1 Apache Apache SSLProtocol TLSv1 2
145. 27 E
146. 4 Plenaryy 3 8 1 Interim Plenary 75 Base Slot 18 14 4 Plenary 2 1 Interim Study Group Project Authorization Request Task Group Requnrement Down Section Procedure Call for Proposal Proposal Presentation Down Selection Merge TG Draft Internal Comment Resolution WG Letter Ballot Comment Resolution TG Draft Sponsor Ballot Comment Resolution TG Draft Sponsor Ballot Standard 20 9 1 IEEE802 IEEE802 lt gt lt gt lt gt lt gt
147. SSL 2014 9 Google Chrome Mozilla Firefox 2 HTTP SSL SPKI IETF Public Key Pinning Extension for HTTP Appendix B 6 3 http technet microsoft com ja jp security j653751 SSL TLS 52 PARTII amp SSL TLS 53 8 8 1 8 1 1 OS 201 MD
148. CRYPTREC 2013 2 2 K WG 2013 SSL TLS WG 1 2 2014 3 1 1 2014
149. OS Windows Vista ServicePack2 2017 4 11 Windows 7 Service Pack 1 2020 4 11 Windows8 2016 1 12 Windows 8 1 2023 1 10 Mac OS X 10 9 vv V Vv YV 0OS gt Android Android4 x gt ioS 8 8 1 2 2015 8 1 1 OS Microsoft Internet Explorer 2016 1 12 mmternet Explorer 16
150. 20183 2014 13 CIO X Y 8 A B C D E F G H I e
151. SSL2 SSL3 TLS 1 0 TLS 1 1 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 A Windows Server 2008 2008 R2 2012 2012 R2 GUI NARTAC IIS Crypto https www nartac com Products IISCrypto SSL TLS 84 7 1 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 TLS_ECDHE_ECDSA_WITH_AE S_128_GCM_SHA256_P256 TLS_ECDHE_BCDSA_WITH
152. 2 2 RC4 128 bit RC4 SSL TLS1 0 CRYPTREC RC4 r lt gt RC4 gt
153. WG TCG TIPA METT NICT WG NSA BSI CESG DCSSI http Wwww trustedcomputinggroup org about_tcg industry_participation TCG e 3 2 6 10 W
154. cci 54 8 1 SI Rteee2 54 Sly BR Se 54 812 CR Rh ER EE 54 82 NR 11 55 82 SS RE hh kk h 55 52 55 8 3 kk 24 141 21 57 8 3 1 1024 SHA 1 57 5 325SSE3 0 ORR RN CE RR SS 59 9 ONES TR NN NE RSS 60 9 1 VPN over SSL SSL VPN 60 Appendiw a RR fh 62 Appendx RNG k sls lt E 63 2 UK AI 63 0 AN KN 64 A 3 N ae 65 A 4 Lucius 68 AppendixB SS RR GE 71 B 1 Lucci 71 BINApache SE SE EE 71 B25dighttp RE hE li 72 B13ungin NS lt El EE 72 SSL TLS 3 B 2 ee 73
155. 2014 11 2015 1 IT 1 20 1 2 3 4 gt NISC National Information Security Center NISC National center of Incident readiness and Strategy for
156. A 10 VPN er VPN 1 J TIPsec SSL VPN TIPA A 2
157. 128 Perfect Forward Secrecy DHE RSA DHE 1024 256 RSA 2048 e ECDHE ECDH 6 5 3 22 PFS 6 3 3 DHE
158. Apache Tomcat Microsoft IIS DHE 2048 2015 2048 512 0 EN DHE 1024 1024 ECDHE 3 6 4 SSL TLS 1 Re i i ihe TIETE
159. HTTP HTTPS SSL strip Moxie Marlinspike HTTP HTTPS HTTPS RFC 6797 HTTP Strict Transport Security HSTS HSTS SSL TLS HTTPS HTTPS HTTP Strict Transport Security max age includeSubDomains HSTS HTTP HTTPS HSTS
160. 3 PE 3 Java ActiveX on demand 3 SSL IP SSL TLS SSL VPN VPN SSL TLS On demand
161. 1 3 EV OV Extended Validation OV Web OV DV i C
162. 2 DHE ECDH ECDHE H RSA 1 3 2013 1024 DHE 4 2015 1 Alexa 61 5 236
163. DN NG 6 5 6 1 PSK KRB ECDH ECDSA E RSA 2 IETF 6 5 1
164. POODLE SSL3 0 SSL3 0 POODLE TLS1 0 RFC2246 1999 TLS1 1 RFC4346 2006 2013 3 100 CBC SSL3 0 POODLE TLS1 0 1H AEBS H M
165. i 4 1 i 5 DHE 2048 ii 3 i 1 e ii 3 1 6 1 1 1 5 ii 3 1 ac 6 5 1 1 5 ii 5 1 e sj ii 6 ECDHE 256 ii 7 DHE ii 8 DOHE 2048 FE SSL TLS 64 ETA ET a a C
166. SSL TLS OpenSSL Windows 0 133 7 2 4 OCSP Stapling CRL OCSP CRL OCSP
167. Case of CCS Injection 12 10 13 40 13 55 WG 14 15 WG 14 85 15 00 ISP 15 45 12 2 2012 CRYPTREC
168. BEV NT 2 https factorable nekeycheck html 100 SSL TLS 44 15 DV Y f Domain Validation Web 4 DY E OV Organization Validation
169. 4 Default Web Site HTTP y lt gt Default Web Site web confiq max age 365 31 536 000 includeSubDomains Strict Transport Security max age 31536000 includeSubDomains N Btrict Transport Security V max age 31536000 includeSubDomains 6 OK B 5 OCSP Stapling B S 1 Apache OCSP staping SSLStaplingCache stapling_cache 128 000 lt VirtualHost 443 gt SSLStaplingCache shmcb tmp staphng_cache 128000 SSL TLS 79
170. PWI lt gt ISO TSO IEC gt Tast Track 1 1 ISO IEC JTC 1 SC27 ISO IEC JTC 1 SC 27 lt gt lt gt lt gt lt gt 5 amendment ISO ISO IRC JTC 1 SC 17 ISO TC 215 IEC IEC TC 57 IEC TC 65
171. SSL On demand Java Active X TP EE oe SSL Tp VPN3 L VPN SSL SSL TLS 1 Appendix SSL TLS 62 AppendixA URL pdf http www ipa go jp files 000045632 pdf excel http www ipa go jp files 000045650 xlsx A 1
172. SSL TLS 17 RE CD TET ET 7 w I 2 TLS1 1 v RSA SHA 2560 2048 ECDSA SHA 25 NIST P 256 Subject bic Key Info Subje 1 0 Ne 2 4 A 0 6 1 0 6 2048 2
173. Tao of IETE RFC2026 4 1 3 5 1ESG WG AD IESG 6 7 IETF IESG Security Directorate SecDir General Area Review Team Gen Ar 2 RFC 8 IESG
174. Microsoft Internet Explorer FAQ http support2 microsoft com gp microsoft internet explorer Microsoft Internet Explorer gt Apple Safari Google Chrome gt Mozilla Firefox Mobile Safari OS iOS 8 Mobile Safari SSL TLS 54 16 Internet Explorer 2014 11 10 OS 2015 2016 2017 2018 2019 2020 2021 2022 2023 Internet Explorer 7 Windows Vista SP2 2016 1 12 Windows Vista SP2 2016 1 12 Internet Explorer 8 Windows 7 SP1 2016 1 12 Windows Vista SP2 2017 4 11 Internet Explorer 9 Windows 7 SP1 2016 1 12 Windows 7 SP1 2016 1 12 Internet Explorer 10 Windows 8 2016 1 12 Windows 7 SP1 2020 1 14 Internet Explorer 11 Windows 8 1 2023 1 10 8 2 8 2 1 8 1
175. 2048 DHE DHE A G 13 SSL TLS 42 FREBAK FREAK SSL TLS RSA RSA_EXPORT RSA_EXPORT 2000 2048 RSA
176. 3 SSL TLS 4 6 4 6 3 SSL TLS 7 SSL TLS 8 7 9 SSL TLS SSL VPN
177. No CC RN OEM 17 CS
178. SHA 384 i TLS RSA _ WITH AES 128 CBC_SHA RSA AES_128_CBC a 1 SSL TLS SSL TLS SSL TLS 6 1 6 2 6 4 6 1 128 CBC AES
179. WD CD CDV FDIS IS JEMIMA 103 0014 2 15 12 TEL 03 3662 8181 FAX 03 3662 8180 17 lt gt IEC TC 65 WG 10 1EC 62443 IEC 62448 4 Part 1 IEC TS 62443 1 1 IEC 62443 1 2 TEC 62443 1 3 1IEC 62443 1 4 Part 2 IEC 62443 2 1 TEC 62443 2 2 IEC 62443 2 3 TEC 62443 2 4 Part 3 IEC TR 62443 3 1 IEC 62443 3 2 IEC 62443 3 3 Part 4 IEC 62443 4 1 TEC 62443 4 2 IEC TC 65 WG 10 TEC 62443 2 4 ISA 899
180. 1 SSL3 0 SSL3 0 Qc RC4 TLS1 0 1 SSL3 0 E SSL3 0 H NO RC4
181. IPA OMB NIST
182. WG 14 ISO TC215 162 0825 1 2 08 3267 1924 WG lt gt TC Chair lt gt IT TC215 IEC SC62A JWG7 Joint WG JWG7 WG4 15 2 IEC TC 65 WG 10 1SA 99 IRC TC 65 WG10 ISA99 lt gt lt gt lt gt
183. Triple DES RC4 TLS1 0 Triple DES RC4 TLS1 0 Triple DES TLS1 0 Triple DES AES Camellia TLS1 0 RC4 TLS1 0 RC4 AES Camellia RC4 RC4 NIST ENISA SSL TLS
184. 6 5 2 47 ECDHE AESGCM DHE AESGCM RSA AESGCM DHE CAMELLIA DHE AES RSA CAMELLI A RSA AES ECDH AESGCM DSS PSK SRP 6 5 2 48 DHE AESGCM RSA AESGCM DHE CAMELLIA DHE AES RSATCAMELLIA RSA TAES RC4 S HA EDH RSA DES CBC3 SHA DES CBC3 SHA DSS PSK SRP 6 5 3 SSL TLS 87 17 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 6 5 OpenSSL ECDHE BCDSA ABS256 GCM SHA384 TLS_ECDHE_RSA_ WITH_AES_256_GCM_SHA384 ECDHE RSA AES256 GCM SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA2S6 ECDHE ECDSA AES128 GCM SHA2S6 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA23S6 ECDHE RSA AES128 GCM SHA2S6 TLS_DHE_RSA_ WITH_AES_256_GCM_SHA384 DHE RSA AES256 GCM SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA2S6 DHE RSA AES128 GCM SHA2S6 TLS_DHE_RSA_ WITH_AES
185. SSL TLS E 3 CA FE HF S Active Directory Appendix H CA MY
186. E Subject Public Key Info Subject Public Key Algorithm RSA OID 1 2 840 113549 1 1 1 2048 256 NIST P 256 OID 1 2 840 10045 3 1 7 Signature Algorithm Certificate RSA SHA 256 sha256WithRSAEncryption OID 1 2 840 113549 1 1 11 2048 ECDSA SHA 256 ecdsa with SHA256 OID 1 2 840 10043 4 3 2 226 NIST P 236
187. IRC IEC 62443 2 4 IEC TC 65 WG 10 1ISA 99 ISA 99 2 Web Tace to face Meeting IEC 62443 3 3 IEC 62443 2 4 IEC 62443 4 2 ISA ISCIISA Security Compliance Institute IEC 62443 4 1 ISCI
188. 512 RSA RSA SSL TLS 512 RSA Amazon BC2 100 12 768 RSA 2010 512 RSA FREAK RSA_BXPORT EXPORT
189. SSL TLS 38 IETF IETE ISOC JPNIC IETT IETF ISOC JP http www isoc p IETE IETF Tao of IETF http wwwr ietf org tao htm1l IETF Tao of IETE http wwwr ietf org tao translated a html IETF RFC JPNIC https wwwr nic ad p ja tech rfc jp html JPNIC REC JP Introduction to RFCs http rfc p nic ad p 1ntroduction WhatisRFC html lt gt IETF
190. 256 6 5 2 1 ii 7 RSA 2048 ii 8 DHE ii 9 DHE 1024 ii 10 ii 11 AES128 SHA SSL TLS 66 EP i i HH Ek Ei RD i 9 3 RB lt EEEEEEEIEE SERBEEIEEEEEEEE EEEIREREEIHE SSL TLS 67 A 4 1 2 2 CCE 1 2
191. ARTB ARTB 100 0013 1 4 1 TEL 03 5510 8597 FAX 03 3592 1103 http www arib orjp 33 7 1SA 100 ISA100 lt gt lt gt lt gt lt gt IETR IEEE
192. Fast Track ISO Word Web lt gt ISO TSO IEC gt TC SC ISO ISO Tast Track lt ISO 1SO IEC gt ISO TSO IEC gt PWI
193. SSL3 0 H RC4 SSL3 0 TLS1 0 RC4 SSL3 0 SSL TLS 14
194. SSLProtocol All SSLv2 SSLv3 SSLProtocol All SSLv2 B 2 2 lighttpd lighttpd SSL TLS 73 ssl use tlsv1 1 disable ssl use tlsv1 disable ssl use sslv3 disable ssl use sslv2 disable ssl use sslv3 disable ssl use sslv2 disable ssl use sslv2 disable B 2 3 nginx nginx TLS1 1 TLS1 2 1 1 13 1 0 12 OpenSSL 1 0 1 Ver 1 1 13 1 0 12 OpenSSL ver 1 0 1 ssl_protocols TLSyV1 2 ssl_protocols TLSv1 2 TLSy1 1 TLSv1 Ver 1 1 13 1 0 12 OpenSSL ver 1 0 1 ssl_protocols TLSy1 ssl_protocols TLSyv1 2 TLSv1 1 TLSv1 SSLyv3 Ver 1 1 13 1 0 12 OpenSSL ver 1 0 1 ssl_protocols TLSv1 SSLv3 B 2 4 Microsoft IIS 0S
195. 2015 5 pd ar EX SSL2 0 SSL3 0 E 3 IEB6 SSL2 0 TLS1 0 8 TLS1 1 TLS1 2 TLS1 1 TLS1 2 Internet Explorer TLS1 2 TLS1 1 TLS1 0 SSL3 0 S
196. TS TR EN lt gt ETSI EU lt gt ETSI
197. setenv add response header SSL TLS 82 B 6 SHA 256 SHA 1 Public Key Pinning pin sha256 SHA 256 Base64 pin sha256 SHA 256 Base64 pin sha1 SHA 1 Base64 Jpin sha1 SHA 1 Base64 max age 6 OK SSL TLS 83 Appendix C Appendix
198. POODLE SSL3 0 SSL3 0 SSL3 0 8 3 2 SSL TLS SSL3 0 IPA Windows SSL 3 0 Windows SSL 3 0 URL Apache Http Server SSL 3 0 Apache Http Server SSL 3 0 URL
199. SSL TLS SSL TLS 1 1 5 1 1 5 1 2 MR98ReHei 5 1 3 1 6 2 7 2 1 SSL TLS 7 2 SETLS 7 2 2 9 22 10 2 2 1 CRYPTREC ee 10 2 2 2 Mui 10 PARTI ii 13 3 97 14 3 1 00 We 14 R OO 16 9 17 4 19 4 1 DPWTOD 19 4 2 DD We 20 5 i 22 5 1 i 22 5 2
200. WG WG o WG JRETCG Camelhia TPM2 0 5 METI IPAJRE WG TCG
201. RC4 Ne SS 6 3 SSL TLS 9 NIST SP800 52 revision 1 draft Guidelines for the Selection Configuration and Use of Transport Layer Security TLS Implementations ENISA Algorithms Key Sizes and Par
202. SSL TLS 65 2 2 6 6 i 3 2 A 6 B 6 6 6 i 4 2 i 5 RSA 2048 i DHE 1024 amp i 8 ii 3 2 A B ii 5 2 ii 6 ECDHE ECDH
203. TLS1 2 TLS1 1 TLS1 0 SSL3 0 SSL2 0 Windows Server 2008 xX X Windows Vista X xX QO O Windows Server 2008 R2 O QO Windows 7 Windows x SSL TLS 74 Schanneldall https support mtcrosoft com en us kb 243030 HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control SecurityProviders Schannel Protocols SSL 2 0 Server DisabledByDefault dword 00000001 HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control SecurityProviders Schannel Protocols SSL 3 0 Server DisabledByDefault dword 00000001 HKEY_LOCAL_MACHINEB SYSTEM CurrentControlSet Control SecurityProviders Schannel Protocols TLS 1 0 Server DisabledByDefault dword 00000001 HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control SecurityProviders Schannel Protocols TLS 1 1 Server DisabledByDefault dword 00000001 HKEY_LOCAL_MACHINEB SYSTEM CurrentControlSet Control SecurityProviders S
204. 1 ISO ISO IEC ISO ISO IEC JTC 1 lt gt lt gt lt gt lt gt e National Body JISC 1 P member ISO IEC Directives JTC 1 Supplement JTC 1 Standing Documents National Body 2 4 386 24 48 6 NP New Work Item Proposal WD Working Draft CD Committee Draft DIS Draft International Standard FDIS Final Draft International Standard IS International Standard NP PWI Preiiminary Work Item
205. 6 B i 3 7 ECDHE ECDH 256 ii 8 RSA 2048 ii 10 DHE 1024 ee ii 10 ii 13 DES CBC3 SHA ne co Ni ae EE 1 w Slo te SSL TLS 69 i 0 Pl My l 2 Ui I Ro EF 1 se 00 il lili lil 8 TLS_RSA_WIIH_RC4 128_SHA A WIIH 3DES EDE CBC SHA DHE G WIIH 3DES EDE CBC SHA TTYTLTTTRTTLYTTDTTTLTNTTTTTLTTTTTTTDSTTTIRNTTTTTTTTTTTTTTTTTTTTTTITTTITTITTT TLS TLS
206. A BEB 3 i 6 3 es as i 6 RSAN 2048 i 7 DHE oo 1 5 1 5 5 3 1 5 1 5 Le 3 6 4 1ii 3 ep EB 3 1 ii 4 3 G O w ii 5 3 A
207. DHE 2048 DHE DHE ce 8 11 x ECDH ECDSA 11 11 o TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC0 0x2C TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC0 0x8B 8 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC0 0x2B TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC0 0x8A ECDHE 256 6 5 2
208. jnternet Explorer S 1 Firefox Firefox V OCSP OCSP W OK 8 3 8 3 1 1024 SHA 1 CA Browser Forum
209. OpenSSL 6 0 DHE RSA AES256 GCM SHA384 DHE RSA AES128 GCM SHA256 e ECDHE ECDSA AES256 GCM SHA384 ECDHE RSA AES256 GCM SHA384 DHE RSA AES2 56 GCM SHA384 ECDHE ECDSA AES128 GCM SHA256 ECDHE RSA AES128 GCM SHA25 6 DHE RSA AES128 CM SHA2S6 ECDHE AESGCM DHB CAMELLIA DHE AES DSS DH PSK SRP DHE AESGCM DSS PSK SRP 6 5 1 EBCDHE AESGCM EDH AESGCM DSS PSK SRP 6 5 1 SSL TLS 86 9 DHE RSA AES128 GCM SHA256 DHE RSA AES128 SHA2S6 DHE RSA CAMBLLIA128 SHA DHE RSA
210. cei 26 5 3 26 ck PORN 27 5 4 1 Luc 27 5 4 2 CA uci 28 5 4 3 Mii 28 5 4 4 29 6 31 6 1 DPIWTXOD 31 6 2 33 6 3 CO 34 6 3 1 Perfect Forward Secrecy 35 6 3 2 35 6 3 3 DHE ECDHE 36 6 4 MWO KN 38 6 5 LTO 38 SSL TLS 2 IT
211. 2014 1 1 RSA SSL TLS 57 2048 RSA 2048 SHA 1 Microsoft Internet Explorer 2017 1 1 SHA 1 ul HH Google Chrome Chrome 39 SHA 1 39 2017 1 1 2016 6 1 12
212. SSL SHA 256 SHA 1 max age includeSubDomains SSL TLS 80 Pubhc Key Pins pin sha256 OtXcS8 scL7K6HiPksOQ8mqlyY08Xdc4Z5raHT xSh9 s pin sha256 kb6xLprt35abNnSn74my4Dkfya9arbkSzNSa60YzuqE max age 3000 includeSubDomains Public Key Pins pin shal FhxvMPhD7Q bynwygLO0mL7L70 pin sha1 KqqgJgAYLy9ogXOW ETcR36ioKf20 max age 3000 includeSubDomains SHA 256 Base64 QtXc8 SHA 256 Base64 kbexLp FhxvM KqqJgA SHA 1
213. SSL3 0 POODLE POODLE BEAST SSL3 0 CBC BEAST BEAST 1 N 1 POODLB SSL3 0 SSL3 0 1 1 256
214. 1 C 2 OpenSSL C 2 1 Apache lighttpd nginx Apache lighttpd nginx C 2 2 OpenSSL EAI Apache C 2 2 VirtualHost SSLCipherSuite SSLCipherSuite SSL TLS 85 jishttpd C 2 2 SERVER ssl cipher iist ssl cipher list nginx C 2 2 server ssl_ciphers ssl_ciphers C 2 2 OpenSSL OpenSSL 6 17 SSLCipherSuite SSLCipherSuite DHE RSA AES256 GCM SHA384 DHE RSA AES128 GCM SHA256
215. 7 1 1 OpenSSL NU 2 7 1 2 CA ER CA
216. E SSL TLS 201 lt gt 3 2 SSL TLS
217. Header add Public Key Pins pin shal SHA 1 Base6 4 pin sha1 SHA 1 Base64 max age 1 mod_headers httpd conf https projects dm id lv s pkp online calculator htmil SSL TLS 81 LoadModule headers_module modules mod_headers so B 6 2 lighttpd 4 B 6 SHA 256 SHA 1 setenv add response header Public Key Pins gt pin sha256 SHA 256 Bas e64 pin sha256 SHA 256 Base64 max age Public Key Pins gt pin shal SHA 1 Base64 pin shal SHA 1
218. IEEE ITU http www iso org iso home standards_development Hhst_of iso_technical_committ ees iso_technical_committee htm commid 45306 Call for Contribution NB National Body Expert SC27 WG2 WG 2 4 5 10 11 1 4 5 WG 13 00 UTC
219. 28 lt gt TPM2 PC TCG TCG
220. PC lt gt G2G 2015 8 1 2 SSL TLS PC
221. 3 DV A Browser Forum EV 7 1 3 1 2 3
222. E 26 CRYPTREC 2013 3 CRYPTREC 26 5 19 We ay CRYPTREC 6 1 5 1 b
223. Microsoft Office Word Japan Regional Forum JRE http wwwr trustedcomputinggroup org7jp jrf_in_tcg Anne Price 1 602 840 6495 p_press trustedcomputinggrouD OYg 1oT Embedded System TCG 2015 TPM1 2 27 lt gt TCG NGO http www trustedcomputinggroup org about tcg
224. Ni NIST NSA 5 22 IT SECURITY Specifications
225. 1024 DHE DHE SSL TLS 1024 92 CRYPTREC gt 3 E DSA Triple DES RC4 Triple DES RC4 1 1 DSA gt
226. 6 1 3 RFC E 12 A TLS1 2 SSL TLS A B H C RFEC 6 AES128 SHA TLS1 2
227. TLS1 0 SSL3 1 TLS1 1 RFC4346 TLS1 0 CBC BEAST TLS1 2 RFC5246 SHA 2 family SHA 256 SHA 384 MAC SHA 2 family GCM CCM fe 2 SSL TLS IETF TLS1 3 SSL TLS
228. http Wwww iso org 1so 1so_technncal_committee htm1 commid 45332 NB PWI NP WD CD Project editor Project co editor 105 0011 8 5 8 808 3 03 34831 2808 FAX 03 3431 6493 11 lt gt gt SC31 12 1 4 ISO IEC JTC LSC 6 ISO IEC JTC LSC 6 lt gt
229. CA CA CA URL URL CA Internet Explorer 11 EV CA
230. 9 SSL TLS SSL TLS 2 3 SSL TLS lt 6 4 6 3 7 SSL TLS 8 9 8S8L TLS CSSL VPN v SSL TLS 4
231. RewriteEBngine On RewriteRule https HTTP_HOST 1 redirect 301 lt VirtualHost gt B 4 2 lighttpd HTTP HSTS Appendix B 1 2 jighttpd conf max age 365 31 536 000 includeSubDomains setenV add response header Strict Transport Security gt max age 31536000 includeSubDomains HTTP HTTPS PN Appendix B 1 2 modules conf lighttpd conf 0 SSL TLS 77 modules conf SerVer modules mod_redirect Highttpd conf HTTP scheme http HTTP host urlredirect gt https 0 0 B 4 3 nginx HTTP HSTS max age
232. Base64 max age B 6 3 nginx B 6 SHA 256 SHA 1 add_header Public Key Pins pin sha256 SHA 256 B ase64 pin sha256 SHA 256 Base64 max age add_header Public Key Pins pin shal SHA 1 Base6 4 pin sha1 SHA 1 Base64 max age 2 B 6 4 Microsoft IIS IIS B 6 1 IIIS 2 3 HTTP 4 HSTS Public Key Pinning
233. e 1 WG 2 e 8 WG EU 34 EU Microsoft Office Word
234. lt gt IEC 62443 ISA 99 NP WD ISO IEC JTC 1 SC 27 WG 99 ISO IEC JTC 1 SC 27 WG 2 IEC TC 65 WG 10 2 ISA 99 2 ISA 99 ISA 99 WG IRC T
235. 1 43 3 3 3 A 14 1 2 3 3 B 5 All websites affected by the Heartbleed bug Reissued 43 Reissued with same private Revoked 20 key 7 8 Netcraft 21 http 7news netcraft com archives 2014703709 Kkeys left unchanged in many heartbleed replacement certf icates html SSL TLS 30 6 i _ TLS_ DHE RSA_WITH_CAMELLIA_256_GCM_SHA384 DHE RSA 256 GCM Camellia CAMELLIA_256_GCM
236. 2048 NIST SP800 57 2030 2048 2030 1 SHA 1 RSA1024 CRYPTREC ECDH ECDHE 256 RSA 2048 6 3 3 DHE ECDHE DHE ECDHE ECDH
237. Base64 max age 50 3 000 Base64 OpenSSL PEM Public Key Pins OpenSSL PEM certificate pem SHA 256 Base64 openssl x509 noout in certificate pem pubkey openssl asnlparse noout inform pem out pu blic key openssl dgst sha236 binary publhc key openssl enc base64 B 6 1 Apache B 6 mod_headers SHA 236 SHA 1 Header add Public Key Pins pin sha256 SHA 256 Base64 pin sha256 SHA 256 Base64 max ag e
238. CA Appendix D 1 DigiNotar 2011 8 DisiNotar CA 2 2011 6 1 531 Google Gmail
239. gt CRYPTREC lt gt 1 2 ISO IEC JTC 1 SC 17 ISO IEC JTC 1 SC 17 lt gt lt gt lt gt lt gt 5 PWI NP Call for Contributi
240. CRYPTREC SSL TLS CBC Ciphertext Block Chaining BEAST Browser Exploit Against SSL TLS gt MAC Message Authentication Code GCM Galois Counter Mode gt CCM Counter with CBC MAC http www cryptrec go jp report c13_kentou_giji02_r2 pdf SSL TLS 7 2 SSL TLS SSL2 0 1994 e A SSL2 0 2005 SSL2 0 E SSL2 0 SSL3 0 RFC6101 1995 SSL2 0 2014 10 POODLE CBC
241. 10 2 sr 2 x 2 x 2 2 x x x ER NIST SP800 57 Part 1 revision 3 3
242. 365 31 536 000 includeSubDomains add_header Strict Transport Security max age 31536000 includeSubDomains HTTP HTTPS listen 80 server listen 80 return 301 https hostname request_uri B 4 4 Microsoft IIS IIS HTTP HSTS 1 IIIS 2 3 HTTP 4 SSL TLS 78 CONTOSODC01 Default Web Site wn 0 F V H 9 4 CONTOSODCO1 CONTOS Web 7 HTTP
243. 11 3 NISTSP800 57 WG SSL 2030 2031 80 RSA 1024 DH 1024 ECDH 160 ECDSA 160 SHA 1 112 3 key Triple DES RSA 2048 DH 2048 ECDH 224 ECDSA 224 128 AES 128 Camellia 128 ECDH 236 ECDSA 256 SHA 256 128 RSA 4096 192 DH 4096 HMAC SHA 1 192 ECDH 384 ECDSA 384 SHA 384 256 AES 256 Camellia 256 ECDH 521 ECDSA 521 HMAC SHA256 256 HMAC SHA384 SSL TLS 12 PART I SSL TLS 13 3 SSL TLS rR AN ah Oo 7Y Qc 3 3 1 SSL TLS
244. 1SA 99 ISA 62448 TEC 18 lt gt ISA WG3 ISA 62443 1 1 Terminology Concepts and Models 9 00 AM ET WG2 ISA 62443 2 1 CSMS 10 00 AM ET WG4 TG4 ISA 62443 4 2 Derived Requirements 11 30 AM ET WG4 TG5 ISA 62443 1 8 Security Metrics 01 00 PM ET WG4 TG2 ISA 62443 3 3 Foundational Requirements 11 00 AM ET WG4 TG6 ISA 62443 4 1 Product Development Requnrements 11 00 AM ET WG4 TG3 ISA 62443 3 2 Zones and Conduits 10 00 AM ET 19 8 1EEE IEEE lt gt lt gt 6
245. E Ephemeral DH Ephemeral ECDH DHE ECDHE 6 3 2 5 4 3 4096 RSA CRYPTREC 1 SSL TLS 2048 RSA 85 2033 2 2 2 3
246. v DHE 1024 ECDHE 47 Apache 2 4 6 Java 7 JDK7 Windows Server 2012 52 3 87 5 45 8 1024 ECDHE 62 7 98 DHE 256 25 https 7 securitypitfalls wordpress com 2015702 01 january 2015 scan results 36 SSL TLS DHE 2048 2048 2048 OpenSSL Apache 2
247. 90 4 BoD 5 BoD TPM 1 TPM WG TCG TPM WG BoD BoD Registry TC BoD IP BoD BoD 2 A PN Rh 0 MN 3 6 Q10 gt 6 10 WG WG WG 26
248. SSL TLS ny Rk ri 1 8 2 WG 3 SSL TLS WG 2015 E RC4 NN SSL TLS Appendix A SSL TLS
249. Version Serial Number Certificate Signature Algorithm Validity Not Before Not After Subject Subject Public Key Info Algorithm Public Key Value Extensions Certificate Key Usage Certificate Signature Value 5 3 18 Windows SSL TLS 26 2 2 1 CRYPTREC 8 RSA SHA 2
250. Camellia RC4 SHA 384 SHA 256 SHA 1 TLS1 2 TLS1 0 TLS1 2 1 0 SSL3 0 2048 RSA 256 BCDSA SHA 256 SHA 256 SHA 1 3 3 2 Appendix A
251. lt VirtualHost 443 gt SSLCACertificateFile etc ss1 ca certs pem SSLUseStaplng on lt VirtualHost gt B S 2 nginx OCSP stapling server ssl_staplhng on ssl_staphng_verify on ssl_trusted_certificate etc ssl ca certs pem B S 3 Microsoft IIS Windows Server 2008 Windows OCSP Stapling B 6 Puplic Key Pinning Public Key Pinning HTTP Public Key Pins Public Key Pins pin sha256 SHA 256 Base64 pin sha256 IincludeSubDomains Public Key Pins pin shal hal bDomains SHA 256 Base64 max age SHA 1 Base64 pin s SHA 1 Base64 max age includeSu
252. 2 3 1 e
253. 31 2017 1 1 HTTP 2 2016 1 1 12 31 2017 1 1 Firefox 2014 SSL TLS RSA 2048 2015 SHA 1 2015 Firefox 8 2015 SS 2017 1 1 UI 2016 0 0 2017 1 1 2017 ce 3 Se 34 0 http blogs technet com b pki archive 2013 11 12 sha1 depreca
254. 70 SSL TLS Appendix B Appendix B 1 B 1 1 Apache Apache HTTP Server httpd ssl conf lt VirtualHost 443 gt SSLEngine on SSLCertificateFile etc ss1 chain crt SSLCertificateKeyFile etc ssl server key Appendix C 2 SSLCGipherSuite Appendix B 2 1 Sr SSLProtocol SSLHonorCipherOrder On HTTP St
255. 65 1 iia 38 6 5 2 i 39 6 5 3 kt 42 7 SSL TLS Luci 44 7 1 ee 44 7 1 1 44 7 1 2 0 44 7 1 3 DP 45 2N NAO2000 6 46 7 1 5 46 6 EECA 47 7 2 48 7 2 1 HTTP Strict Transport Security HSTS es 48 7 2 2 gt 0 49 7 2 3 MMi 50 7 2 4 OCSP Stapling KN 50 7 2 5 Public Key Pinning uuu 51 PARTII KK 53 8
256. E SSL TLS 39 12 A B TLS_DHE_RSA_WITH_ABS_128_GCM_SHA2S6 Ox00 0x9E TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA Ox00 0x4S TLS_RSA_WITH_AES_128_GCM_SHA2S6 0x00 0x9C TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Ox00 0x41 C D TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x00 0x9F TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Ox00 0x88 E E TLS_RSA_WITH_AES_256_GCM_SHA384 0x00 0x9D TLS_RSA_WITH_CAMELLIA 256_CBC_SHA Ox00 0x84 3 DHE 1024 RSA 2048 DHE DHE
257. PWI NP WG DICOM IHE TIEC SC62A http www iso org iso home standards_development Hst_of_iso_technical_committ ees iso_technical_committee htm commid 54960 P 2 WG2 JWG7 lt ISO TC215 P TC215
258. a Bomeere Firewalls Operating Systems Systems Biometrics Healthcare Web Browsers Protocols Encryption DES SHA 1 SHA 2S6 SHA 384 3DES Skipjack AES Hashing Authentication Signature 5 SAIC TUVIT CSC ARCA Accredited CygnaCom COACT Eeesssssssa Testing Domus ImfoGard Atan gwA Laps FIPS 140 2 Key Met Crypto DSA FIPS Modules MOV Wrapping ECDSA ECDSA2 xisting Standard Existing Standard Test Development in Progress Standard and Testing Available no Testing Industry Standard Future Standard Standard E Specification or Specification or in Recommendation Recommendation Progress H NIST CMVP Status and FIPS 140 1 amp 2 CMVP Conference 2002 Presentation NIAP CC
259. lt gt lt gt lt gt 105 0011 3 5 8 808 8 03 3431 2808 FAX 03 3431 6493 lt gt lt gt 13 1 5 ISO TC 215 ISO TC 215 lt gt lt gt lt gt lt gt 8 2 TC215
260. B DHE 256 A A F E 1 1024 ECDHE ECDH RSA 2048 6 2 SSL TLS IETF CRYPTREC 2 2 1 9
261. OCSP 2 1 OCSP OCSP OCSP SSL 3 Certificate Revocation List Online Certificate Status Protocol SSL TLS 50 DDoS OCSP SSL TLS 2 OCSP OCSP
262. RSA_EXPORT FREAK RSA_EXPORT RSA_EXPORT Factoring RSA Export Keys SSL TLS 43 7 SSL TLS SSL TLS 7 1
263. XML RTC Word PDF Web IETF Tools http tools 1etf org e SSL TLS 1 3 TIPsec X 509v8 CMS RFC PKCS 11 RFC Encryption by defaultl
264. 2 lion 2 3 3 2 3 4 ir 2 3 5 ee 2 4 AppendixA SSL TLS Appendix B 1 Appendix B 2 10 11 13 13 13 15 19 19 2014 20183 2
265. 2014 10 15 2 2014 12 11 8 2015 2 28 1 4 CRYPTREC 2015 2015 3 20 168 3 11 10 00 15 50 10 00 10 15 CRYPTREC 10 30 10 45 WG 11 05 WG 11 25
266. 2014 12 08 poodleagain html https cve mitre org cg1 bin cvename cg17name CVE 2014 8730 SSL TLS 21 5 SSL TLS 2 1 2 5 1 2 2015 5
267. 4 10 7 Tel 03 6809 5149 Fax 03 3451 1770 URL http www jbmia or jp lt gt ISO IEC JTC 1 8SC 17 9
268. B22515ATehe GS hhh 73 B22 lighttpdu ES lt hE 73 B23Sgnsin i 74 B 2 4 Microsoft IIS cies 74 3 KK 75 B 3 1 OpenSSL DHE ECDH ECDHE 75 B 3 2 Apache DHE ECDH ECDHE 76 B 3 3 lighttpd DHE ECDH ECDHE 76 B 3 4 nginx DHE ECDH ECDHE 76 B 4 HTTP Strict Transport Security HSTS Ne 77 B 421 Dache EE EE EE Ei 77 B 42521iahttpd 77 Sin 78 B44 MicrosofEIIS lt EE i EE kk 78 B 5 OCSP Stapling O ee 79 BISApache 79 80 B 5 3 Microsoft IIS SERN Rk sk ki EEE 80 B 6 Public Key Pinning Mi 80 0 ADache 81 B 622Jlighttpd WESSRNGS Ek Ei Ai 82 B 6 35nginx lt kl ER 82 B 6 4 MicrosofEIIS Rk Ll 82 Appendix C 84 CT 00wWSE 84 2 0bangss
269. Renegotiation er te raha ha 10 1 9 SR 13 11 1 10 HTTP 12 GET access_of_user Cookie XXXXXX witter API GET access_of_attacker 7 3 X lgnore GET access_of_user Cookie XXXXXX S 10
270. Signature Algorithm SHA 256 SHA 1 RSA SHA 256 sha256WithRSABncryption OID 1 2 840 113549 1 1 11 2048 RSA SHA 1 shalWithRSABncryption OID 1 2 840 113549 1 1 5 2048 SHA 1 SHA 1 8 3 1
271. gt Perfect Forward Secrecy E SSL TLS 31 ND 6 5 1 gt DSA 5 1 DSA gt oc 8 e DHE 2048 256
272. 013 CRYPTREC SSL TL8S SSL TLS
273. 1 FIPS180 SP800 38 Mode of operation H _ key agreement DSA RSA De Elliptic curve 5 JUL _ 5 ee ET LBT ISO TR 11633 ISO TC215 1803 I SP800 56A FIPS186 DSS IST D lz HH gt DEL ETSI TS 101 733 CAdES ISO 17090 gt 150 TS 21547 XAdES ISO 21091 EHR ISO 27789 DSS NM HER Ta ISO 14533 S PAdES ASiC ISO TS 21298 ISO TR 11636 ER Functional and structural VPN roles Appendhx B 2
274. 13 6591 28 8 INFORMATION TECHNOLOGY PROMOTION AGENCY JAPAN 2 28 8 HONKOMAGOME BUNKYO KU TOKYO 113 6591 JAPAN 184 8795 2 1 NATIONAL INSTITUTE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY 4 2 1 NUKUI KITAMACHI KOGANEI TOKYO 184 8795 JAPAN
275. 4 7 lighttpd 1 4 29 nginx Java 8 Apache 2 4 6 Java 7 Appendix B 3 2048 Java 7 DHE 64 512 1024 1024 100 00 90 00 80 00 70 00 60 00 50 00 40 00 30 00 20 00 10 00 0 00 100 00 90 00 80 00 70 00 60 00 50 00 40 00 30 00 20 00 10 00 0 00 PFS DHE 87 49 Pd DHE 11 44 5 40 0 16 5 9996 0 00 9 38 6 00 6 8 0 09 0 58 0 00 0 02 0 00 512bits 768bits 1024bits 2048bits 3072bits 4096bits 8192bits ECDHE PFS 98 08 PFS ECDHE 0 00 0 01 0 36 0 88 0 14 0 00 0 00 0 35 0 81 0 10 B 163 P 224 P 384 P 521 B 571 4 DHE ECDHE Alexa SSL TLS 37
276. 56 RSA SHA 1 SHA 1 SHA 256 SHA 256 ECDSA 2013 5 RSA SHA 1 RSA 1024 2048 256 ECDSA
277. AC HMAC NN rr CBC 50 TLS1 0 TLS1 2 TLS1 2 2015 3 E BEAST Camellia BEAST TLS1 1 TLS1 2 RECS246 2008 SHA 256 SHA 384 CBC HE CBC gt GCM CCM BEAST
278. AEBS128 SHA AEBS128 GCM SHA256 AES128 SHA256 CAMELLIA128 SHA AES1 28 SHA DHE RSA AES256 CM SHA384 DHE RSA AES2S6 SHA256 DHB RSA CAMELLIA 256 SHA DHE RSA AES256 SHA AES256 CM SHA384 AES256 SHA256 CAMELLIA2S6 SH A ABS256 SHA ECDHE ECDSA ABS128 GCM SHA256 BCDHEB RSA ABS128 CM SHA256 DHE RSA ABS1 28 CM SHA256 DHE RSA AES128 SHA256 DHE RSA CAMELLIA128 SHA DHE RSA AES 128 SHA AES128 CM SHA256 AES128 SHA256 CAMELLIA128 SHA AES128 SHA ECDH E CDSA AES128 GCM SHA256 BCDH RSA AES128 GCM SHA256 BCDHB BCDSA ABS236 G CM SHA384 ECDHB RSA AES256 GCM SHA384 DHB RSA AES256 CM SHA384 DHE RS A AES256 SHA2S6 DHE RSA CAMBLLIA256 SHA DHE RSA ABS256 SHA AES256 CM S HA384 AES256 SHA256 CAMBLLIA256 SHA AES256 SHA BCDH BCDSA ABS256 CM SH A384 ECDH RSA AEBS256 GCM SHA384 DHE RSA AES128 GCM SHA256 DHE RSA ABS128 SHA2S6 DHE RSA CAMBLLIA128 SHA DHE RSA AES128 SHA AEBS128 GCM SHA256 AES128 SHA256 CAMELLIA128 SHA AES1 28 SHA DHE RSA AES256 CM SHA384 DHE RSA AES236 SHA256 DHB RSA CAMELLIA 256 SHA DHE RSA AES256 SHA AES256 CM SHA384 AES256 SHA256 CAMELLIA2S6 SH A ABS23S6 SHA RC4 SHA EDH RSA DBS CBC3 SHA DBS CBC3 SHA 46 DHE AESGCM RSA AESGCM DHEB CAMBLLIA DHE ABS RSA TCAMBLLIA RSA ABS DSS PSK SRP
279. AES_128_GCM_SHA256 0xC0 0x2B TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC0 0x13 C TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA2S6 0xC0 0x2D TLS_ECDH_RSA_WTITH_AES_128_CBC_SHA 0xC0 0xOBE D TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 OxC0 0x2C TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC0 0x14 SSL TLS 41 F TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC0 0x2E TLS_ECDH_RSA_WTITH_AES_256_CBC_SHA OxC0 0x0E 3 ECDHE ECDH 256 6 5 3 6 1 14 A B A A F
280. C 65 WG 10 National Body 1 PF member IEC TC65 16 e 3 6 e ISA 99 2 1 WG WG TG WG CD CDVTFDIS IEC TC 65 WG 10
281. CRYPTREC Report 2014 27 3 1 2014 SN ER SE EE EE EER 1 1 1 2 1 8 1 3 1 PR 1 3 2 WG NE NER IER RE EE EE NEI EE RS 1 3 3 WG RN IR RR NIR NG IR RN I ERI IR 1 4 CRYPTREC 2015 2 2 1 2 1 1 2 1 2 2 2 2 2 1 6 2 2 9 IT 2 2 8 IPA ul ul OR NC NO RS NG RR 2 8 2 3 1 2 3
282. E RE 85 C 2 1 Apache lighttpd nginx uci 85 C 2 2 OpenSSL 86 AppendixD CA tii 89 D 1 CA 89 D 2 Active Directory CA 91 SSL TLS 4 1 1 1 2015 3 SSL TLS SSL TLS 9 2 SSL TLS
283. EE802 Roberts Rule of Order Roberts Rule of Order lt gt 75 22 3 2 IEEE1888 TREE1888 lt gt lt gt lt gt lt gt WG 2
284. ETE 4 EU Regulation 1 2 1 ETS1 Associate Member REN e ETSI TC ESI 30 Technical Specification TS Technical Report TR TC ETSI Guide EG ETSI Standard ES EIN
285. G WG WG TCG 25 e TCG WG JREF TCG 9 00 10 00JST 1 WG 2 WG TC Technica1 Committee 3 BoD TCG IP
286. IEC JTC1 S ISO IEC7810 TPM2 0 Trusted System ISO IEC 7811 ID B O PH ISO IEC 11694 ISO IEC 24789 ISA 99 IEC TC65 KN ISO IEC 24727 15A 562443 OR App prog ISO IEC 11695 RFC3394 AES Key Wrap ISO IEC 24787 Algorithm smN lt _B 5 OHDPRM a ISO IEC 29192 ADC _ 4 gt 4 ISO IEC 9798 SS lt E ISO IEC 20009 SZ_ lt lt ISO IEC 18370 a ISO IEC 10116 ISO IEC 20008 5 so ec ANSI X9 63 ANSI X9 30 ANSI X9 3
287. S TLS ECDHE RSA WIIH CAMELLIA 128 GCM SHADS6 A 3 1 2 LI 1 TLS1 0 1 TLS1L0 2 lt 2 SSL2 0 SSL3 0 3 TLS1 2 SL Tm 5 TLS1 1 6 TLS1 1 Ww RSA SHA 256 2048 ECDSA SHA 256 256 NIST P 256 2 Sub ject Public Key Info Sub ject Public Key 1gorithm RSA 2048 256 3 9
288. SL2 0 IE6 X x IE7 x GO IE8 O IE9 5 E10 IE11 O O ON 4 OFFR SSL TLS 56 9 DOM POST POST SmartScreen SSL 2 0 SSL 3 0 TLS 1 TLS 1 1 TLS 1 2 1 I jnternet Explorer R jnternet Explorer
289. YPTREC WG A B A B
290. _256_CBC_SHA2S6 DHE RSA AES256 SHA2S6 TLS_DHE_RSA_ WITH_AES_128_CBC_SHA2S6 DHE RSA AES128 SHA2S6 TLS_DHE_RSA_ WITH_CAMELLIA 256_CBC_SHA DHE RSA CAMELLIA256 SHA TLS_DHE_RSA_ WITH_CAMELLIA_ 128 CBC_SHA DHE RSA CAMELLIA128 SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE RSA AES256 SHA TLS_DHE_RSA_ WITH_AES_128_CBC_SHA DHE RSA AES128 SHA TLS_RSA_WITH_AES_256_GCM_SHA384 AES256 CM SHA3S4 TLS_RSA_WITH_ AES_128_GCM_SHA23S6 AES128 CM SHA2S6 TLS_RSA_WITH AES_256_CBC_SHA2S6 AES256 SHA2S6 TLS_RSA_WITH AES_128_CBC_SHA2S6 AES128 SHA2S6 TLS_RSA_WITH CAMELLIA _ 256_SHA CAMELLIA2S6 SHA TLS_RSA_WITH_ CAMELLIA_128_SHA CAMELLIA128 SHA TLS_RSA_WITH_ AES_256_CBC_SHA AES256 SHA TLS_RSA_WITH_ AES_128_CBC_SHA AES128 SHA TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH RSA AES256 CM SHA3S4 TLS_ECDH_ECDSA_WITH_ABS_256_GCM_SHA384 ECDH ECDSA AES256 CM SHA384 TLS_ECDH_ECDSA_WITH_ABS_128_GCM_SHA2S6 ECDH ECDSA AES128 GCM SHA2S6 TLS_ECDH_RSA_WITH_ AES_128_GCM_SHA2S6 ECDH RSA ABS128 GCM SHA2S6 TLS_RSA_WITH_RC4_128_SHA RC4 SHA TLS_DHE_RSA_WITH_3DBS_EDE_CBC_SHA EDH RSA DES CBC3 SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA DES CBC3 SHA SSL TLS 88 AppendixD CA D 1 CA
291. _AEBS_128_GCM_SHA256_P256 TLS_BCDHE_ECDSA_WTITH_AE S_128_CBC_SHA256_P256 TLS_ECDHE_RSA_WITH_ AES_128_CBC_SHA256_P256 TLS_EC DHE_ECDSA_WITH_AEBS_128_CBC_SHA_P256 TLS_BCDHE_RSA_WITH_ AES_128_CBC_S HA_P256 TLS_RSA_WITH_ AES_128_ CBC_SHA2S6 TLS_RSA_WITH_AES_128_CBC_SHA T LS_ECDHE_ECDSA_WITH_ABS_256_GCM_SHA384_P384 TLS_ECDHE_ECDSA_WITH_AES _256_CBC_SHA384_P384 TLS_EBCDHE_RSA_WITH_AES_256_CBC_SHA384_P256 TLS_ECD HE_ECDSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SH A_P256 TLS_RSA_WITH_AES_256_CBC_SHA2S56 TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_BCDSA_WITH_ABS_128_GCM_SHA256_P256 TLS_BCDHE_ECDSA_WTTH_AE S_128_CBC_SHA256_P256 TLS_ECDHE_RSA_WITH_ AES_128 CBC_SHA256_P256 TLS_EC DHE_ECDSA_WITH_AES_128_CBC_SHA_P256 TLS_BCDHE_RSA_WITH_ AES_128_CBC_S HA_P2S6 TLS_RSA_WITH_ AES_128_ CBC_SHA2S6 TLS_RSA_WITH_AES_128_CBC_SHA T LS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 TLS_ECDHE_BCDSA_WITH_AES _256_CBC_SHA384_P384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256 TLS_ECD HE_ECDSA_WITH_AES_256_CBC_SHA_P256 TLS_EBCDHE_RSA_WITH_AES_256_CBC_SH A_P2S6 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS _ RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EBDE_CBC_SHA A gt OK
292. ameters Report 2013 recommendations SSL TLS 34 6 3 1 Perfect Forward Secrecy OpenSSL Heartbleed Bug Dual_EC_DRGB ER SSL TLS
293. channel Protocols SSL 2 0 Server DisabledByDefault dword 00000001 HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control SecurityProviders Schannel Protocols SSL 3 0 Server DisabledByDefault dword 00000001 HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control SecurityProviders Schannel Protocols SSL 2 0 Server DisabledByDefault dword 00000001 B 3 B 3 1 OpenSSL DHE ECDH ECDHE OpenSSL DHE 2048 SSL TLS 75 openssl dhparam out dh2048 pem outform PEM 2048 ECDH ECDHE 256 openssl ecparam out prime256v1 pem name prime256vl1 B 3 2 Apache DHE ECDH ECDHE SSLCertificateFile PEM SSL Apache 2 4 7 SSLCertificateFile DHE ECDH ECDHE
294. e Directory CA B sa Group Policy ee Ss Group Policy A 2 Active Directory B Active Directory Windows SSL TLS 91 Appendhx B 1 O 1 D AT O 2015 2
295. fox Firefox 34 Firefox ESR 31 3 0 SSL3 0 SSL TLS 59 9 9 1 VPN over SSL SSL VPN SSL VPN SSL VPN SSL VPN SSLYPN VPN TIPsec VPN VPN VPN SSL TLS Appendix A 3 Appendix A 2 SSL VPN
296. on ISO JTC LSC 6 JTC 1 SC 27 JTC 1 SC 31 JTC 1 SC 37 ISO TC 68 ISO IEC JTC LSC 17 Cards and personal identification http www iso org iso home standards_development Hst_of_ iso_technical_committ ees iso_technical_committee htm commid 45144 ISO IEC JTC 1 SC 27 UE 1 5 1 1 e WG TT WG Webx WebEx 1 2
297. pendix B 3 1 Appendix B 1 3 SSL TLS 76 DHE 2048 ssl_dhparam etc ssl dh2048 pem ECDH ECDHE 256 ssl_ecdh_curve prime236V1 B 4 HTTP Strict Transport Security HSTS B 4 1 Apache HTTP HSTS max age 36S 31 336 000 includeSubDomains Header always set Strict Transport Security max age 31536000 includeSubDomains HTTP HTTPS lt VirtualHost 80 gt RewriteRule RewriteEngine NM lt VirtualHost 80 gt ServerAlias
298. rict Transport Security OCSP Stapling Public Key Pinnins 7 2 Appendix B 4 lt VirtualHost gt etc ssl chain crt etc ssl1 server key SSL TLS 71 B 1 2 lighttpd modules conf lighttpd conf lighttpd Lmodules conf SerVer modules lighttpd conf mod_setenv SERVER socket 0 0 0 0 443 B 1 3 nginx nginx conf ssl engine enable ssl pemfile etc ssl serverkey_cert pem ul ssl ca file etc ssl ca crt ssl cipher list Appendix C 2 Appendix B 2 2 ssluse
299. tion polcy asDX http 7blog chromium org 2014709 gradually sunsetting sha 1 html https sgroups google com a chromium org forum topic security dev ONVVo4_dyOQE https wiki mozilla org CA MDSand1024 1 CN LDL oo NN https blog mozilla org security 2014 09 23 phasing out certificates with sha 1 based signaturealgorith ms SSL TLS 58 8 3 2 SSL3 0 POODLE SSL3 0 Internet Explorer MS15 032 Internet Explorer 3038314 TInmternet Explorer 11 SSL3 0 Internet Explorer SSL3 0 URL 3009008 https technet microsoft com ja jp hbrary security 3009008 aspx Google Chrome Chrome 40 SSL3 0 Fire
300. ttpd 1 4 28 nginx 1 1 19 gt IIS e gt Chrome 4 0 211 0 Firefox Firefox 17 Opera Opera 12 gt gt Vv Vv Safari Mac OS X Mavericks Internet Explorer Windows 10 IE SSL TLS 48 7 2 2 5 HTTP

CRYPTREC Report 2014 暗号技術活用委員会報告

Contents

Download Pdf Manuals

Related Search

Related Contents