\u90a3\u4e48\u95ee\u9898\u5230\u5e95\u53d1\u751f\u5728\u54ea\u91cc\uff1f<\/strong><\/div>\n
HPKP \u516c\u94a5\u56fa\u5b9a\u6240\u643a\u5e26\u7684\u662f\u4e2d\u7ea7\u8bc1\u4e66\u6216\u8005\u6839\u8bc1\u4e66\u7684\u54c8\u5e0c\u503c\uff0c\u5e76\u4e0e\u7ec8\u7aef\u6d4f\u89c8\u5668\u7ea6\u5b9a\u6b64\u54c8\u5e0c\u901a\u5e38\u4f1a\u5728 1 \u5e74\u5de6\u53f3\u5931\u6548\u3002<\/p>\n
\u4f8b\u5982\u84dd\u70b9\u7f51\u76ee\u524d\u4f7f\u7528\u7684\u662f TrustAsia\uff08\u4e2d\u7ea7 CA\uff09\u63d0\u4f9b\u7684\u8bc1\u4e66\uff0c\u6211\u4eec\u5df2\u7ecf\u5c06 TrustAsia \u7684\u4e2d\u7ea7\u8bc1\u4e66\u54c8\u5e0c\u8fdb\u884c\u56fa\u5b9a\u3002<\/p>\n
server\r\n {\r\n listen 443 ssl http2;\r\n ssl on;\r\n ssl_certificate \/usr\/local\/nginx\/conf\/vhost\/crt\/www.landiannews.com.crt;\r\n ssl_certificate_key \/usr\/local\/nginx\/conf\/vhost\/crt\/www.landiannews.com.key;\r\n # \u542f\u7528\u4e25\u683c\u5b89\u5168\u4f20\u8f93HSTS \r\n\tadd_header Strict-Transport-Security \"max-age=63072000; includeSubdomains; preload\";\r\n\t# \u542f\u7528 HPKP \u516c\u94a5\u56fa\u5b9a\r\n add_header Public-Key-Pins 'pin-sha256=\"IiSbZ4pMDEyXvtl7Lg8K3FNmJcTAhKUTrB2FQOaAO\/s=\"; pin-sha256=\"klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=\"; max-age=2592000; includeSubDomains';\r\n ssl_session_timeout 5m;\r\n }\r\n<\/pre>\n
\u5982\u679c 1 \u5e74\u540e\u84dd\u70b9\u7f51\u4e0d\u518d\u4f7f\u7528 TrustAsia \u7b7e\u53d1\u7684\u8bc1\u4e66\u800c\u6362\u6210\u5176\u4ed6\uff0c\u8fd9\u4f1a\u9020\u6210\u5b9e\u9645\u4f7f\u7528\u8bc1\u4e66\u4e0e\u56fa\u5b9a\u7684\u8bc1\u4e66\u54c8\u5e0c\u4e0d\u540c\u3002\u90a3\u4e48\u6d4f\u89c8\u5668\u5c31\u4f1a\u76f4\u63a5\u62e6\u622a\u7528\u6237\u4e0e\u84dd\u70b9\u7f51\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u8fde\u63a5\uff0c\u6d4f\u89c8\u5668\u4f1a\u8ba4\u4e3a\u65b0\u66f4\u6362\u7684 CA \u53ef\u80fd\u662f\u60f3\u8fdb\u884c\u6076\u610f\u52ab\u6301\u3002<\/p>\n
\u7531\u6b64\u53ef\u5f15\u53d1\u975e\u5b89\u5168\u65b9\u9762\u7684\u62d2\u7edd\u8bbf\u95ee\u653b\u51fb<\/strong><\/div>\n
\u5b89\u5168\u7814\u7a76\u5458\u65af\u79d1\u7279\u79f0\u653b\u51fb\u8005\u53ef\u52ab\u6301\u7528\u6237\u8bbf\u95ee\u5e76\u8fd4\u56de\u6076\u610f HPKP \u5934\uff0c\u8fd9\u79cd\u64cd\u4f5c\u5e76\u4e0d\u4f1a\u9020\u6210\u7528\u6237\u7684\u6570\u636e\u53d1\u751f\u6cc4\u9732\u3002\u4f46\u6076\u610f HPKP \u5934\u5728\u88ab\u6d4f\u89c8\u5668\u63a5\u6536\u540e\u4f1a\u963b\u6b62\u7528\u6237\u6b63\u5e38\u8bbf\u95ee\u7f51\u7ad9\uff0c\u56e0\u4e3a\u6d4f\u89c8\u5668\u6821\u9a8c\u5230\u7684 HPKP \u5934\u4e0e\u771f\u5b9e\u670d\u52a1\u5668\u4e0d\u540c\u3002\u56e0\u6b64\u6076\u610f\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528 HPKP \u516c\u94a5\u56fa\u5b9a\u7b56\u7565\u65e0\u5dee\u522b\u7684\u5bf9\u6240\u6709 HTTPS \u7f51\u7ad9\u53d1\u8d77\u8fd9\u79cd\u6709\u70b9\u53e6\u7c7b\u7684\u62d2\u7edd\u8bbf\u95ee\u653b\u51fb\u3002<\/p>\n
\u867d\u7136\u7f51\u7ad9\u6240\u6709\u8005\u59cb\u7ec8\u6ca1\u6709\u4e22\u5931\u5bf9\u7f51\u7ad9\u548c\u670d\u52a1\u5668\u7684\u63a7\u5236\u6743\uff0c \u4f46\u7531\u4e8e\u56fa\u5b9a\u54c8\u5e0c\u5df2\u7ecf\u88ab\u63a5\u6536\u56e0\u6b64\u6ca1\u6709\u529e\u6cd5\u6e05\u9664\u7f13\u5b58\u3002<\/p>\n
\u64b0\u5199\u8be5\u6807\u51c6\u7684\u8c37\u6b4c\u5de5\u7a0b\u5e08\u79f0 HPKP \u5f88\u53ef\u6015<\/div>\n
\u53c2\u4e0e\u64b0\u5199\u548c\u5236\u5b9a\u8be5\u6807\u51c6\uff08RFC 7469\uff09\u7684\u8c37\u6b4c\u5de5\u7a0b\u5e08\u79f0\u516c\u94a5\u56fa\u5b9a\u53d8\u5f97\u975e\u5e38\u53ef\u6015\uff0c\u8be5\u6807\u51c6\u4f1a\u5bf9\u751f\u6001\u9020\u6210\u4e25\u91cd\u5371\u5bb3\u3002\u9664\u4e86\u6076\u610f\u653b\u51fb\u8005\u53ef\u4ee5\u4f2a\u9020 HPKP \u5934\u8fdb\u884c\u62d2\u7edd\u8bbf\u95ee\u653b\u51fb\u5916\uff0c\u5982\u679c\u8bc1\u4e66\u53d1\u751f\u6cc4\u9732\u9700\u8981\u8fdb\u884c\u540a\u9500\u4e5f\u4f1a\u5f15\u53d1\u8f83\u5927\u95ee\u9898\u3002\u56e0\u4e3a\u540a\u9500\u65e7\u8bc1\u4e66\u540e\u518d\u8bf7\u6c42\u7b7e\u53d1\u65b0\u8bc1\u4e66\u53ea\u80fd\u9009\u62e9\u6b64\u524d\u56fa\u5b9a\u7684 CA \u673a\u6784\uff0c\u4f60\u4e0d\u80fd\u518d\u9009\u62e9\u65b0\u7684 CA \u673a\u6784\u4e3a\u4f60\u7b7e\u53d1\u8bc1\u4e66\u3002<\/p>\n
\u57fa\u4e8e\u6b64\u65b9\u9762\u8003\u8651 HPKP \u6807\u51c6\u5728\u5236\u5b9a\u65f6\u5df2\u8981\u6c42\u7f51\u7ad9\u81f3\u5c11\u56fa\u5b9a\u4e24\u4efd\u54c8\u5e0c\uff0c\u5982\u84dd\u70b9\u7f51\u56fa\u5b9a\u7684\u662f TrustAsia \u548c Comodo\u3002<\/p>\n
\u56e0\u6b64\u6700\u7ec8\u66f4\u6362\u8bc1\u4e66\u65f6\u6211\u53ea\u80fd\u7ee7\u7eed\u9009\u62e9\u7531 TrustAsia \u6216 Comodo \u7b7e\u53d1\u7684\u8bc1\u4e66\uff0c \u5176\u4ed6\u7684\u8bc1\u4e66\u6d4f\u89c8\u5668\u5219\u4f1a\u62d2\u7edd\u63a5\u53d7\u3002<\/p>\n
Google Chrome v67 \u7248\u5f00\u59cb\u5f03\u7528 HPKP<\/strong><\/div>\n
\u76ee\u524d\u5df2\u7ecf\u652f\u6301 HPKP \u516c\u94a5\u56fa\u5b9a\u7684\u6d4f\u89c8\u5668\u6709 Google Chrome \u6d4f\u89c8\u5668\u3001Mozilla Firefox \u6d4f\u89c8\u5668\u4ee5\u53ca Opera \u6d4f\u89c8\u5668\u3002\u65e2\u7136\u4f5c\u4e3a\u6807\u51c6\u53c2\u4e0e\u5236\u5b9a\u7684\u8c37\u6b4c\u90fd\u51b3\u5b9a\u653e\u5f03\u652f\u6301\uff0cMozilla Firefox \u548c Opera \u52bf\u5fc5\u4e5f\u4f1a\u5728\u540e\u7eed\u505c\u6b62\u652f\u6301\u516c\u94a5\u56fa\u5b9a\u3002<\/p>\n
\u8c37\u6b4c\u53bb\u5e74 8 \u6708\u7684\u6570\u636e\u663e\u793a\u5168\u7403\u542f\u7528 HPKP \u7684\u7ad9\u70b9\u4ec5\u53ea\u6709 375 \u4e2a\uff0c\u8fd9\u4e2a\u6570\u5b57\u5bf9\u4e8e\u6574\u4e2a\u4e92\u8054\u7f51\u6765\u8bf4\u771f\u7684\u662f\u5fae\u4e0d\u8db3\u9053\u3002\u540c\u65f6\u7531\u4e8e\u5f88\u591a\u7f51\u7ad9\u4f7f\u7528 CDN \u6216\u8005\u5982 CloudFlare \u7c7b\u7684 DDoS \u9632\u62a4\uff0c\u6b64\u7c7b\u670d\u52a1\u672c\u8eab\u5c31\u6ca1\u51c6\u5907\u652f\u6301 HPKP \u516c\u94a5\u56fa\u5b9a\u3002<\/p>\n
\u6700\u7ec8\u8c37\u6b4c\u4f1a\u5728 2018 \u5e74 5 \u6708\u4efd\u53d1\u5e03\u7684 Chrome v67 \u7248\u4e2d\u6b63\u5f0f\u5f03\u7528 HPKP\uff0c\u4f7f\u7528\u8be5\u6807\u51c6\u7684\u7f51\u7ad9\u53ef\u4ee5\u63d0\u524d\u64a4\u9500\u56fa\u5b9a\u4e86\u3002<\/p>\n
\n
\u539f\u6587\u6765\u81ea\uff1ahttps:\/\/www.landiannews.com\/archives\/41904.html<\/a><\/p>\n
\u672c\u6587\u5730\u5740\uff1a http:\/\/lrxjmw.cn\/chrome-abandon-hpkp.html<\/a>\u7f16\u8f91\uff1a\u6e05\u84b8github\uff0c\u5ba1\u6838\u5458\uff1a\u9004\u589e\u5b9d<\/span><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"
\u5bfc\u8bfb \u65e9\u4e9b\u5e74\u8c37\u6b4c\u5de5\u7a0b\u5e08\u4e3a\u4e86\u63d0\u9ad8\u4e92\u8054\u7f51\u6574\u4f53\u7684\u5b89\u5168\u6027\u907f\u514d\u56e0\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u8fdd\u89c4\u64cd\u4f5c\u800c\u8bbe\u8ba1\u4e86 HPKP \u516c\u94a5\u56fa\u5b9a\u6807\u51c6\u3002\u516c […]<\/p>\n","protected":false},"author":317,"featured_media":86876,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[21],"tags":[],"class_list":["post-86873","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/86873","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/317"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=86873"}],"version-history":[{"count":3,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/86873\/revisions"}],"predecessor-version":[{"id":86890,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/86873\/revisions\/86890"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/86876"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=86873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=86873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=86873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}