<div class="post-text" itemprop="text"> <p>I'm trying to install etcctl from github. (P.S I don't know golang)</p> <p><code>git config --global http.sslVerify false go get github.com/coreos/etcd/etcdctl </code></p> <p>But I'm hitting the following. <code> github.com/coreos/etcd/vendor/go.uber.org/zap /root/projects/src/src/github.com/coreos/etcd/vendor/go.uber.org/zap/field.go:33: syntax error: unexpected = in type declaration github.com/coreos/etcd/pkg/tlsutil /root/projects/src/src/github.com/coreos/etcd/pkg/tlsutil/cipher_suites.go:26: undefined: tls.TLS_RSA_WITH_AES_128_CBC_SHA256 /root/projects/src/src/github.com/coreos/etcd/pkg/tlsutil/cipher_suites.go:36: undefined: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 /root/projects/src/src/github.com/coreos/etcd/pkg/tlsutil/cipher_suites.go:37: undefined: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 /root/projects/src/src/github.com/coreos/etcd/pkg/tlsutil/cipher_suites.go:42: undefined: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 /root/projects/src/src/github.com/coreos/etcd/pkg/tlsutil/cipher_suites.go:43: undefined: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 </code></p> </div>

  web.xml配置好了，如下 ``` <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" keystoreFile="cert/domain.pfx" keystoreType="PKCS12" keystorePass="9La5wA0w" clientAuth="false" SSLProtocol="SSL" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,、 TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256"/> ``` 请问怎么才能用https+域名访问呢？证书是在阿里云上申请的有效期一年的证书。

代码如下： HttpClient httpclient = new DefaultHttpClient(); SSLContext ctx = SSLContext.getInstance("TLS"); X509TrustManager tm = new X509TrustManager() { public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException { } public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { } public X509Certificate[] getAcceptedIssuers() { return null; } }; ctx.init(null, new TrustManager[]{tm},null ); System.out.println("缺省安全套接字使用的协议: " + ctx.getProtocol()); // 获取SSLContext实例相关的SSLEngine SSLEngine en = ctx.createSSLEngine(); System.out .println("支持的协议: " + Arrays.asList(en.getSupportedProtocols())); System.out.println("启用的协议: " + Arrays.asList(en.getEnabledProtocols())); System.out.println("支持的加密套件: " + Arrays.asList(en.getSupportedCipherSuites())); System.out.println("启用的加密套件: " + Arrays.asList(en.getEnabledCipherSuites())); 本机运行结果： 缺省安全套接字使用的协议: TLS 支持的协议: [SSLv2Hello, SSLv3, TLSv1] 启用的协议: [SSLv2Hello, SSLv3, TLSv1] 支持的加密套件: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_NULL_SHA, SSL_DH_anon_WITH_RC4_128_MD5, TLS_DH_anon_WITH_AES_128_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5] 启用的加密套件: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] 这里如何指定启用的加密套件为TLS_RSA_WITH_AES_128_CBC_SHA,而不是默认的SSL_RSA_WITH_RC4_128_MD5

我按照阿里云提供的教程安装并配置了ssl证书，但是始终无法用https访问，http访问没问题，下面是各个端口的配置： <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" /> <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" scheme="https" secure="true" keystoreFile="C:\mysoft\apache-tomcat-8.0.38\apache-tomcat-8.0.38\conf\cert\214217316210179.pfx" keystoreType="PKCS12" keystorePass="214217316210179" clientAuth="false" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" /> 求大佬救急！！！

在web应用中启用了https配置。其中在server.xml中配置了80端口转443端口的配置，也在web.xml中进行https强制转换，具体见： <login-config> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint> <web-resource-collection > <web-resource-name >SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> server中的配置为： <Connector connectionTimeout="20000" port="80" protocol="HTTP/1.1" redirectPort="443"/> <Connector SSLEnabled="true" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" clientAuth="false" keystoreFile="xxxx" keystorePass="xxxx" maxThreads="150" port="443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS" truststoreFile="xxxx" truststorePass="xxxx"/> 现在要求：在https请求中，混用http请求，该如何配置。

<div class="post-text" itemprop="text"> <p>How do you get the name of a constant given its value ?</p> <p>More specifically (and to get a more readable understanding), I'm working with the <code>crypto/tls</code> package. Cipher suites are defined as constants:</p> <pre><code>const ( TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xc011 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014 ) </code></pre> <p>After a successful handshake with a server, I can get to the Ciphersuite agreed on through the connection:</p> <pre><code>c, _ := tls.Dial("tcp", "somedomain.com:443", nil) // Suppose everything went right // This is the Ciphersuite for the conn: cipher := c.ConnectionState().Ciphersuite </code></pre> <p><code>cipher</code> here is an uint16. Is there a way to display it as a string, for instance <code>TLS_RSA_WITH_3DES_EDE_CBC_SHA</code> if that's what was agreed upon ?</p> </div>

<div class="post-text" itemprop="text"> <p>my tls.Config is set to not use ECDHE exchange so i can monitor my traffic in wireshark without having to get the client's keys.</p> <pre><code> config = &amp;tls.Config{ Certificates: []tls.Certificate{cpair}, MinVersion: tls.VersionTLS12, PreferServerCipherSuites: true, ClientAuth: tls.NoClientCert, CipherSuites: []uint16{tls.TLS_RSA_WITH_AES_256_CBC_SHA, tls.TLS_RSA_WITH_RC4_128_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, }, } </code></pre> <p>however, when analyzing the traffic in wireshark, i still see the connection being made with a ECDHE ciper suiete:</p> <pre><code> 62 ssl_decrypt_pre_master_secret: session uses Diffie-Hellman key exchange (cipher suite 0xC014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) and cannot be decrypted using a RSA private key file. </code></pre> </div>

java.net.UnknownServiceException: Unable to find acceptable protocols. isFallback=false, modes=[ConnectionSpec(cipherSuites=[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384], tlsVersions=[TLS_1_2], supportsTlsExtensions=true)], supported protocols=[TLSv1.2] 5.0以上的版本就没有问题 请问缺少的协议可以安装或者添加吗？ 或者有其他方法解决这个问题吗？ 系统也是可以修改的

c#用httpwebrequest如何模拟抓取这样的网页信息，下面内容是用fiddler抓取的。 CONNECT user.cloudcall.hk:8080 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1) AppleWebKit Host: user.cloudcall.hk:8080 Content-Length: 0 Connection: Keep-Alive Pragma: no-cache A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.1 (TLS/1.0) Random: 52 79 06 13 A5 00 6B A2 19 9E 99 D6 BA E3 7E 93 BD 8B A1 26 18 3A 21 E7 F0 31 4C 4F 58 4A 41 73 SessionID: empty Extensions: renegotiation_info 00 server_name user.cloudcall.hk status_request 01 00 00 00 00 elliptic_curves 00 04 00 17 00 18 ec_point_formats 01 00 Ciphers: [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [0005] SSL_RSA_WITH_RC4_128_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [0032] TLS_DHE_DSS_WITH_AES_128_SHA [0038] TLS_DHE_DSS_WITH_AES_256_SHA [0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA [0004] SSL_RSA_WITH_RC4_128_MD5 Compression: [00] NO_COMPRESSION

<div class="post-text" itemprop="text"> <p>I tried to retrieve data from "<a href="https://api.softtouch.eu/#/xxxxxxxx/#/customers?take=100" rel="nofollow">https://api.softtouch.eu/#/xxxxxxxx/#/customers?take=100</a>" using Java. </p> <p>Also I tried to fix the problem with https using following options:-</p> <ol> <li><p>Added certificate (.pem extension file) to the keystore ($JAVA_HOME/jre/lib/security/cacerts) using Java keytool</p></li> <li><p>Added certificate authority to Ubuntu (/usr/local/share/ca-certificates) using update-ca-certificates command.</p></li> <li><p>Finally tried to disable the certificate validation and connect to the server. (SoftTouchConnection class and custom TrustAllX509TrustManager class here.)</p> <pre><code>package com.softtouch.com; import java.io.BufferedReader; import java.io.InputStreamReader; import java.net.URL; import java.security.Security; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import org.apache.commons.codec.binary.Base64; public class SoftTouchConnection { public static void main(String[] args) { try { System.out.println(System.getProperty("java.version")); System.setProperty("javax.net.debug", "ssl"); System.setProperty("sun.net.ssl.checkRevocation", "false"); java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true"); Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); SSLContext sc = SSLContext.getInstance("SSL");//TLSv1.2 sc.init(null, new TrustManager[] {new TrustAllX509TrustManager() }, null);//new java.security.SecureRandom() HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String string, SSLSession ssls) { System.out.println("test HttpsURLConnection"); return true; } }); String userCredentialsnew = "abcdefghij01234567890klmnopqrstuvwxyz987";//"bearer abcdefghij01234567890klmnopqrstuvwxyz987"; String basicAuth = "Basic "+ new String(new Base64().encode(userCredentialsnew.getBytes()));; //+ new String(new Base64().encode(userCredentials.getBytes())); URL hh= new URL("https://api.softtouch.eu/#/xxxxxxxx/#/customers?take=100"); HttpsURLConnection conn = (HttpsURLConnection)hh.openConnection(); conn.setSSLSocketFactory(sc.getSocketFactory()); conn.setHostnameVerifier( new HostnameVerifier() { @Override public boolean verify(String string, SSLSession ssls) { System.out.println("test conn"); return true; } }); conn.setDoInput(true); conn.setDoOutput(false); conn.setUseCaches(false); conn.setRequestMethod("GET"); conn.setRequestProperty ("Authorization", basicAuth); conn.connect(); BufferedReader inn = new BufferedReader(new InputStreamReader(conn.getInputStream())); String inputLine; while ((inputLine = inn.readLine()) != null) { System.out.println(inputLine); } } catch (Exception e) { e.printStackTrace(); } } } package com.softtouch.com; import javax.net.ssl.X509TrustManager; import java.security.cert.X509Certificate; public class TrustAllX509TrustManager implements X509TrustManager { public X509Certificate[] getAcceptedIssuers() { System.out.println("test1"); //return new X509Certificate[0]; return null; } public void checkClientTrusted(java.security.cert.X509Certificate[] certs,String authType) { System.out.println("test2"); } public void checkServerTrusted(java.security.cert.X509Certificate[] certs,String authType) { System.out.println("test3"); } } </code></pre></li> </ol> <p>But so far I could not solve the problem. I received the"javax.net.ssl.SSLHandshakeException". I want connect to the server using Java. <strong>What will be the reason for this issue?</strong></p> <p>Note:- I tested "<a href="https://api.softtouch.eu/#/accounts/#/xxxxxxxx?take=100" rel="nofollow">https://api.softtouch.eu/#/accounts/#/xxxxxxxx?take=100</a>" connection with PHP. It is working well. But PHP source file has used following line to disable the SSL verification. curl_setopt($httpRequest, CURLOPT_SSL_VERIFYPEER, FALSE);</p> <p>This is the SSL debug text:- *** ClientHello, TLSv1.2 RandomCookie: GMT: 1425473345 bytes = { 113, 222, 27, 25, 227, 136, 38, 249, 128, 230, 125, 228, 156, 5, 175, 99, 22, 55, 227, 185, 101, 32, 160, 186, 72, 167, 247, 166 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA</p> <hr> <p>main, WRITE: TLSv1.2 Handshake, length = 195 main, READ: TLSv1.2 Alert, length = 2 main, RECV TLSv1.2 ALERT: fatal, handshake_failure main, called closeSocket()</p> </div>

**急！！使用的JDK版本是1.8，使用代码查看是支持tls1.2加密方式的，但是现在使用TLS_RSA_WITH_AES_256_CBC_SHA256就报No appropriate protocol而使用TLS_RSA_WITH_AES_256_CBC_SHA可以连接成功，想请教下大神问题出在哪里啊？

CC ../src/drivers/drivers.c CC ../src/l2_packet/l2_packet_linux.c ../src/wps/wps_common.o: In function `wps_derive_keys': /home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant/../src/wps/wps_common.c:101: undefined reference to `sha256_vector' ../src/wps/wps_enrollee.o: In function `wps_process_pubkey': /home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant/../src/wps/wps_enrollee.c:519: undefined reference to `sha256_vector' ../src/crypto/tls_openssl.o: In function `openssl_tls_cert_event': /home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant/../src/crypto/tls_openssl.c:1346: undefined reference to `sha256_vector' ../src/crypto/tls_openssl.o: In function `tls_verify_cb': /home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant/../src/crypto/tls_openssl.c:1421: undefined reference to `sha256_vector' ../src/crypto/crypto_openssl.o: In function `crypto_hash_init': /home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant/../src/crypto/crypto_openssl.c:620: undefined reference to `EVP_sha256' ../src/crypto/crypto_openssl.o: In function `hmac_sha256_vector': /home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant/../src/crypto/crypto_openssl.c:754: undefined reference to `EVP_sha256' collect2: error: ld returned 1 exit status make: *** [wpa_supplicant] Error 1 root@atheros:/home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant#

<div class="post-text" itemprop="text"> <p>I am a GO newbie. I am trying to convert a curl command to GOlang. </p> <pre><code>curl --cacert "pki/ca.crt" \ -H "Authorization: Bearer my_bearer_token" \ --insecure \ --max-time 5 --fail --output /dev/null --silent \ "https://myserver/status"; do </code></pre> <p>This is what I have got:</p> <pre><code>mTLSConfig := &amp;tls.Config { CipherSuites: []uint16 { tls.TLS_RSA_WITH_RC4_128_SHA, tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, }, InsecureSkipVerify: true, // --insecure } mTLSConfig.PreferServerCipherSuites = true mTLSConfig.MinVersion = tls.VersionTLS10 mTLSConfig.MaxVersion = tls.VersionTLS10 certs := x509.NewCertPool() certs.AppendCertsFromPEM([]byte(caCert)) mTLSConfig.RootCAs = certs tr := &amp;http.Transport{ TLSClientConfig: mTLSConfig, } client := &amp;http.Client{Transport: tr} req, _ := http.NewRequest("GET", "https://myserver/status", nil) req.Header.Set("Authorization", fmt.Sprintf("Bearer my_bearer_token")) resp, err := client.Do(req) glog.V(4).Info(resp, err) if err != nil { return true } return false </code></pre> <p>Am I doing it right?</p> </div>

<div class="post-text" itemprop="text"> <p>I have a cert file, that location is: <code>/usr/abc/my.crt</code> and I want to use that cert for my tls config, so that my http client uses that certificate when communicate with other servers. My current code is as follows:</p> <pre><code>mTLSConfig := &amp;tls.Config { CipherSuites: []uint16 { tls.TLS_RSA_WITH_RC4_128_SHA, tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, } } mTLSConfig.PreferServerCipherSuites = true mTLSConfig.MinVersion = tls.VersionTLS10 mTLSConfig.MaxVersion = tls.VersionTLS10 tr := &amp;http.Transport{ TLSClientConfig: mTLSConfig, } c := &amp;http.Client{Transport: tr} </code></pre> <p>So how to assign a certificate in my TLS config? I see the certificate settings at <a href="http://golang.org/pkg/crypto/tls/#Config">http://golang.org/pkg/crypto/tls/#Config</a> can someone suggest how to config my cert location there?</p> <p><code>mTLSConfig.Config{Certificates: []tls.Certificate{'/usr/abc/my.crt'}}</code> &lt;-- is wrong because I am passing string.right? I DON'T have ANY other files such as .pem or .key etc, just only this my.cert. I am blank how to do it?</p> <p>Earlier, I had edited the go source code <a href="http://golang.org/src/pkg/crypto/x509/root_unix.go">http://golang.org/src/pkg/crypto/x509/root_unix.go</a> and added <code>/usr/abc/my.crt</code> after line no. 12 and it worked. But the problem is my certificate file location can change, so I have removed the hardcoded line from root_unix.go and trying to pass it dynamically, when building TLSConfig.</p> </div>

<div class="post-text" itemprop="text"> <p>I have been scratching my head for way too long with this one - my issue is rather trivial however I cannot really figure it out myself: how does one serve static files over HTTPS in Go?</p> <p>So far I have tried using both <code>HTTP.ServeFile</code> and <code>mux.Handle</code> with no particular success whatsoever.</p> <pre><code>func main() { mux := http.NewServeMux() mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains") http.ServeFile(w, req, "./static") }) cfg := &amp;tls.Config{ MinVersion: tls.VersionTLS12, CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256}, PreferServerCipherSuites: true, CipherSuites: []uint16{ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, tls.TLS_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_RSA_WITH_AES_256_CBC_SHA, }, } srv := &amp;http.Server{ Addr: ":8080", Handler: mux, TLSConfig: cfg, TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0), } log.Fatal(srv.ListenAndServeTLS("./server.rsa.crt", "./server.rsa.key")) } </code></pre> <p>Any help is appreciated, thanks!</p> </div>

<div class="post-text" itemprop="text"> <p>When I try install to composer on my system, it always gives me this error </p> <pre><code> The "https://getcomposer.org/versions" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed Failed to enable crypto failed to open stream: operation failed </code></pre> <p>I used the php -r 'print_r(openssl_get_cert_locations());' command to see the php default cert locations and the result is below: </p> <pre><code> Array ( [default_cert_file] =&gt; C:\usr\local\ssl/cert.pem [default_cert_file_env] =&gt; SSL_CERT_FILE [default_cert_dir] =&gt; C:\usr\local\ssl/certs [default_cert_dir_env] =&gt; SSL_CERT_DIR [default_private_dir] =&gt; C:\usr\local\ssl/private [default_default_cert_area] =&gt; C:\usr\local\ssl [ini_cafile] =&gt; C:\xampp\apache\cert.pem [ini_capath] =&gt; ) </code></pre> <p>C:\usr\local\ssl/cert.pem does not exist so I then downloaded an ssl cert from <a href="http://curl.haxx.se/ca/cacert.pem" rel="nofollow noreferrer">http://curl.haxx.se/ca/cacert.pem</a> and manually created the C:\usr\local\ssl/cert.pem but still no success. I really need a solution as I'm out of options or is there a way I can bypass the ssl cert validation. </p> </div>

项目部署在服务器后是apache+tomcat部署的，一旦启用https ssl就不解析jsp了，关掉就又解析jsp了！大佬帮我看一下这个是怎么了！ server.xml ``` <Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener" /> <Listener className="org.apache.catalina.core.JasperListener" /> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> <GlobalNamingResources> <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase" /> </GlobalNamingResources> <Service name="Catalina"> <Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443" /> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> <Connector port="443" protocol="org.apache.coyote.http1.1.Http11Protocol" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/www/server/tomcat/cert/214362308490897.pfx" keystoreType="PKCS12" keystorePass="214362308490897" clientAuth="false" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/> <Engine defaultHost="localhost" name="Catalina"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" /> </Realm> <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log." suffix=".txt" /> </Host> <Host appBase="/www/wwwroot/yananhuazai.cn" autoDeploy="true" name="yananhuazai.cn" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false"> <Context crossContext="true" docBase="/www/wwwroot/yananhuazai.cn" path="" reloadable="true" /> </Host> </Engine> </Service> </Server> ``` 是项目打成war包放进去的！ 

今天写了一个TLS测试，在32位下通过，64位下不成功，所以64位下该怎么写TLS回调函数呢？代码如下： ``` #pragma comment(linker,"/INCLUDE:__tls_used") void NTAPI MY_TLS_CALLBACK(PVOID DllHandle, DWORD Reason, PVOID Reserved); //TLS回调函数测试 void NTAPI MY_TLS_CALLBACK(PVOID DllHandle, DWORD Reason, PVOID Reserved) { if (Reason == DLL_PROCESS_ATTACH) { MessageBox(NULL, L"TLSTest!", NULL, MB_OK); } } #pragma data_seg(".CRT$XLX") PIMAGE_TLS_CALLBACK pTLS_CALLBACKs[] = { MY_TLS_CALLBACK,0 }; #pragma data_seg() ``` 报错：dllmain.obj : error LNK2001: 无法解析的外部符号 __tls_used

大学四年，看课本是不可能一直看课本的了，对于学习，特别是自学，善于搜索网上的一些资源来辅助，还是非常有必要的，下面我就把这几年私藏的各种资源，网站贡献出来给你们。主要有：电子书搜索、实用工具、在线视频学习网站、非视频学习网站、软件下载、面试/求职必备网站。 注意：文中提到的所有资源，文末我都给你整理好了，你们只管拿去，如果觉得不错，转发、分享就是最大的支持了。 一、电子书搜索 对于大部分程序员...

今年，我也32了 ，为了不给大家误导，咨询了猎头、圈内好友，以及年过35岁的几位老程序员……舍了老脸去揭人家伤疤……希望能给大家以帮助，记得帮我点赞哦。 目录： 你以为的人生 一次又一次的伤害 猎头界的真相 如何应对互联网行业的「中年危机」 一、你以为的人生 刚入行时，拿着傲人的工资，想着好好干，以为我们的人生是这样的： 等真到了那一天，你会发现，你的人生很可能是这样的： ...

文章目录Java概述何为编程什么是Javajdk1.5之后的三大版本JVM、JRE和JDK的关系什么是跨平台性？原理是什么Java语言有哪些特点什么是字节码？采用字节码的最大好处是什么什么是Java程序的主类？应用程序和小程序的主类有何不同？Java应用程序与小程序之间有那些差别？Java和C++的区别Oracle JDK 和 OpenJDK 的对比基础语法数据类型Java有哪些数据类型switc...

数据结构与算法思维导图

昨天早上通过远程的方式 review 了两名新来同事的代码，大部分代码都写得很漂亮，严谨的同时注释也很到位，这令我非常满意。但当我看到他们当中有一个人写的 switch 语句时，还是忍不住破口大骂：“我擦，小王，你丫写的 switch 语句也太老土了吧！” 来看看小王写的代码吧，看完不要骂我装逼啊。 private static String createPlayer(PlayerTypes p...

互联网公司工作，很难避免不和黑客们打交道，我呆过的两家互联网公司，几乎每月每天每分钟都有黑客在公司网站上扫描。有的是寻找 Sql 注入的缺口，有的是寻找线上服务器可能存在的漏洞，大部分都...

整理 |屠敏出品 | CSDN（ID：CSDNnews）2020 年 1 月 14 日，微软正式停止了 Windows 7 系统的扩展支持，这意味着服役十年的 Windows 7，属于...

loonggg读完需要3分钟速读仅需 1 分钟大家好，我是你们的校长。我之前讲过，这年头，只要肯动脑，肯行动，程序员凭借自己的技术，赚钱的方式还是有很多种的。仅仅靠在公司出卖自己的劳动时...

前言学习《HTML5与CSS3权威指南》这本书很不错，学完之后我颇有感触，觉得web的世界开明了许多。这本书是需要有一定基础的web前端开发工程师。这本书主要学习HTML5和css3，看...

昨天看到一档综艺节目，讨论了两个话题：（1）中国学生的数学成绩，平均下来看，会比国外好？为什么？（2）男生的数学成绩，平均下来看，会比女生好？为什么？同时，我又联想到了一个技术圈经常讨...

故事总是一个接着一个到来...上周写完《鲁大师已经彻底沦为一款垃圾流氓软件！》这篇文章之后，鲁大师的市场工作人员就找到了我，希望把这篇文章删除掉。经过一番沟通我先把这篇文章从公号中删除了...

提到“程序员”，多数人脑海里首先想到的大约是：为人木讷、薪水超高、工作枯燥…… 然而，当离开工作岗位，撕去层层标签，脱下“程序员”这身外套，有的人生动又有趣，马上展现出了完全不同的A/B面人生！ 不论是简单的爱好，还是正经的副业，他们都干得同样出色。偶尔，还能和程序员的特质结合，产生奇妙的“化学反应”。 @Charlotte：平日素颜示人，周末美妆博主 大家都以为程序媛也个个不修边幅，但我们也许...

文章目录数据库基础知识为什么要使用数据库什么是SQL？什么是MySQL?数据库三大范式是什么mysql有关权限的表都有哪几个MySQL的binlog有有几种录入格式？分别有什么区别？数据类型mysql有哪些数据类型引擎MySQL存储引擎MyISAM与InnoDB区别MyISAM索引与InnoDB索引的区别？InnoDB引擎的4大特性存储引擎选择索引什么是索引？索引有哪些优缺点？索引使用场景（重点）...

关注、星标公众号，不错过精彩内容作者：黄工公众号：strongerHuang最近ST官网悄悄新上线了一款比较强大的工具：STM32CubeMonitor V1.0.0。经过我研究和使用之...

腾讯后台面试，面试官问：如何自己实现队列？

有个好朋友ZS，是技术总监，昨天问我：“有一个老下属，跟了我很多年，做事勤勤恳恳，主动性也很好。但随着公司的发展，他的进步速度，跟不上团队的步伐了，有点...

私下里，有不少读者问我：“二哥，如何才能写出一份专业的技术简历呢？我总感觉自己写的简历太烂了，所以投了无数份，都石沉大海了。”说实话，我自己好多年没有写过简历了，但我认识的一个同行，他在阿里，给我说了一些他当年写简历的方法论，我感觉太牛逼了，实在是忍不住，就分享了出来，希望能够帮助到你。 01、简历的本质 作为简历的撰写者，你必须要搞清楚一点，简历的本质是什么，它就是为了来销售你的价值主张的。往深...

本项目效果初始截图如下 动画见本人b站投稿：https://www.bilibili.com/video/av95491382 本项目对应github地址：https://github.com/BigShuang python版本：3.6，pygame版本：1.9.3。（python版本一致应该就没什么问题） 样例gif如下 ======================= 大爽歌作，mad

Redis核心原理与应用实践 在很多场景下都会使用Redis，但是到了深层次的时候就了解的不是那么深刻，以至于在面试的时候经常会遇到卡壳的现象，学习知识要做到系统和深入，不要把Redis想象的过于复杂，和Mysql一样，是个读取数据的软件。 有一个理解是Redis是key value缓存服务器，更多的优点在于对value的操作更加丰富。 安装 yum install redis #yum安装 b...

作者 |Charles R. Martin译者 | 弯月，责编 | 夕颜头图 |付费下载自视觉中国出品 | CSDN（ID:CSDNnews）新手...

即将毕业的应届毕业生一枚，现在只拿到了两家offer，但最近听到一些消息，其中一个offer，我这个组据说客户很少，很有可能整组被裁掉。 想问大家： 如果我刚入职这个组就被裁了怎么办呢？ 大家都是什么时候知道自己要被裁了的？ 面试软技能指导: BQ/Project/Resume 试听内容： 除了刷题，还有哪些技能是拿到offer不可或缺的要素 如何提升面试软实力：简历, 行为面试，沟通能...

如果世界上都是这种不思进取的软件公司，那别说大部分程序员只会写 3 年代码，恐怕就没有程序员这种职业。

有小伙伴问松哥这个问题，他在上海某公司，在离职了几个月后，前公司的领导联系到他，希望他能够返聘回去，他很纠结要不要回去？ 俗话说好马不吃回头草，但是这个小伙伴既然感到纠结了，我觉得至少说明了两个问题：1.曾经的公司还不错；2.现在的日子也不是很如意。否则应该就不会纠结了。 老实说，松哥之前也有过类似的经历，今天就来和小伙伴们聊聊回头草到底吃不吃。 首先一个基本观点，就是离职了也没必要和老东家弄的苦...

阿里巴巴全球数学竞赛（ Alibaba Global Mathematics Competition）由马云发起，由中国科学技术协会、阿里巴巴基金会、阿里巴巴达摩院共同举办。大赛不设报名门槛，全世界爱好数学的人都可参与，不论是否出身数学专业、是否投身数学研究。 2020年阿里巴巴达摩院邀请北京大学、剑桥大学、浙江大学等高校的顶尖数学教师组建了出题组。中科院院士、美国艺术与科学院院士、北京国际数学...

不知道是不是只有我这样子，还是你们也有过类似的经历。 上学的时候总有很多光辉历史，学年名列前茅，或者单科目大佬，但是虽然慢慢地长大了，你开始懈怠了，开始废掉了。。。 什么？你说不知道具体的情况是怎么样的？ 我来告诉你： 你常常潜意识里或者心理觉得，自己真正的生活或者奋斗还没有开始。总是幻想着自己还拥有大把时间，还有无限的可能，自己还能逆风翻盘，只不是自己还没开始罢了，自己以后肯定会变得特别厉害...

面试官问HTTP与HTTPS的区别，我这样回答让他竖起大拇指！

虽然大公司并不是人人都能进，但我仍建议还未毕业的同学，尽力地通过校招向大公司挤，但凡挤进去，你这一生会容易很多。 大公司哪里好？没能进大公司怎么办？答案都在这里了,记得帮我点赞哦。 目录： 技术氛围 内部晋升与跳槽 啥也没学会，公司倒闭了？ 不同的人脉圈，注定会有不同的结果 没能去大厂怎么办？ 一、技术氛围 纵观整个程序员技术领域，哪个在行业有所名气的大牛，不是在大厂? 而且众所...

往往，我们看不进去大段大段的逻辑。深刻的哲理，往往短而精悍，一阵见血。问：产品经理挺漂亮的，有点心动，但不知道合不合得来。男生更看重女生的身材脸蛋，还是...

本文作者用对比非常鲜明的两个开发团队的故事，讲解了敏捷开发之道 —— 如果你的团队缺乏统一标准的环境，那么即使勤劳努力，不仅会极其耗时而且成果甚微，使用...

二哥，有个事想询问下您的意见，您觉得应届生值得去外包吗？公司虽然挺大的，中xx，但待遇感觉挺低，马上要报到，挺纠结的。

面试阿里p7被问到的问题(当时我只知道第一个)：@Conditional是做什么的?@Conditional多个条件是什么逻辑关系？条件判断在什么时候执...