Cloudflare 總算是提供付費方案 (包在 Advanced Certificate Manager 裡面),可以針對不同的 hostname 給不同的 TLS 設定了:「Introducing per hostname TLS settings — security fit to your needs」。
本來的限制是整個 domain 都是一樣的 TLS 設定,這點對免費仔來說還好,但對於企業客戶來說就不太好用了。
遇到客戶端 (甚至是客戶) 是 Java 6 這種不支援 TLS 1.2 的情況 (參考「Qualys SSL Labs – Projects / User Agent Capabilities: Java 6u45」這邊),你還是得想辦法生一組 TLS 1.0 服務出來,但整個 domain 都開又有可能會死在 PCI-DSS 之類的規範。
以前遇到的時候有兩種解法,第一種是在客戶端自己解決,像是在內網架 SSL proxy (通常會搭配 self-signed CA) 讓 Java 6 的 client 還是可以透過 TLS 1.0 通訊,但是連到 internet 上面會是比較新的 TLS 1.2 或是 TLS 1.3,這種算是比較安全的。
另外一種就是在 Cloudflare 上另外開一個 domain,這樣就可以用 TLS 1.0 半裸奔。
現在這樣等於是讓第二個方案更簡單一點,不用另外開 domain,只需要在 hostname 上設定…
正文完
可以使用微信扫码关注公众号(ID:xzluomor)
ufabet
มีเกมให้เลือกเล่นมากมาย: เกมเดิมพันหลากหลาย ครบทุกค่ายดัง
tornado crypto mixer
Discover the power of privacy with TornadoCash! Learn how this decentralized mixer ensures your transactions remain confidential.
ดูบอลสด
Very well presented. Every quote was awesome and thanks for sharing the content. Keep sharing and keep motivating others.
ดูบอลสด
Pretty! This has been a really wonderful post. Many thanks for providing these details.
ดูบอลสด
Pretty! This has been a really wonderful post. Many thanks for providing these details.
ดูบอลสด
Hi there to all, for the reason that I am genuinely keen of reading this website’s post to be updated on a regular basis. It carries pleasant stuff.
Obrazy Sztuka Nowoczesna
Thank you for this wonderful contribution to the topic. Your ability to explain complex ideas simply is admirable.
ufabet
Hi there to all, for the reason that I am genuinely keen of reading this website’s post to be updated on a regular basis. It carries pleasant stuff.
ufabet
Very well presented. Every quote was awesome and thanks for sharing the content. Keep sharing and keep motivating others.
