NEO化学吧

啥时候升级到https了。。。

不是漏洞 2014-11-14 20:34

好惊讶。。。

neoatlantis 2014-11-15 07:12

目测给Cloudflare的中间人制造了机会。不知道Cloudflare是否值得信任。
cloudflare给所有的网站的都提供ssl,自己是反向代理,到真正的本站服务器之间ssl有没有建立、建立之后有没有验证证书,都不知道。

2014-11-15 15:34

但是这不是 CloudFlare 提供的哦,我直接买的证书。

复制代码

  1. [alex-macmini:~] alex% openssl s_client -connect www.huaxueba.com:443
    CONNECTED(00000003)
    depth=3 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
    verify error:num=19:self signed certificate in certificate chain
    verify return:0
    ---
    Certificate chain
    0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.huaxueba.com
       i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
    1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
       i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
    2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
       i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
    3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
       i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIGTTCCBTWgAwIBAgIRAOhHtr9kEJPA/h+NiaJz6MkwDQYJKoZIhvcNAQELBQAw
    gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
    BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
    VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
    Q0EwHhcNMTQxMDI3MDAwMDAwWhcNMTkxMDI2MjM1OTU5WjBUMSEwHwYDVQQLExhE
    b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBAsTC1Bvc2l0aXZlU1NMMRkw
    FwYDVQQDExB3d3cuaHVheHVlYmEuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
    MIICCgKCAgEAnfl+PPqVnVdIg3sl6N51H4ghGkpZEcArQTYAwzUoaKN/8+Oj35xo
    dbOgCpgU2PtqL7Z+niMU9OIR71ClD+4Nw/QddZK9gmr1xIWwzXpHEE5Zml1ZzxVu
    9EjHj5rzEB6fq1sGFMilScLDtEyC6txvvcpha9a0vtrj2kdQ8BGxHvTYl5N8WGiI
    YOTLFm/9Opw/l6nfsAqXhm16cb2Mku+GPC3hPW5GSshPLqUZ+HsXJZZdsjcH+rNX
    qgeAl2/hRtE9m8N8PHuZGt5iZdlpLBVfpiJQfnV6udtqRQVqcAkPflHDHUD5ooqd
    q2+lKia/i/VEfJbtLUJoZje7jzt3s/h1GCw7emSQhlKQHmji9+vHVTFySzQxYiWM
    wxt83dqFx08zKeLGSzVLCUBNVj0ZKEYfMoQKbTMFXlqpqrxNkCGL8+ecnkMX9vQU
    1AsXQjnWQbhfhVfVh73WmTWBwpZMhCeyAL3/eGp63hgMzAYIFkBjkZkjcl9nVhYk
    ndbzvbk7Rs6bHYxQQa2vy5yR0402goHPkTnT9FApCOxO41LuSHHGuMyelJyEiSTa
    KIThWIxNZ7EUIieuOKUUFS/v9iaLPt3d3C86Zy+spDYsts2y4Cr6wvbiqMX7ct07
    Y+opSDww3z70S2IBjOck9p9uG44RfomJMcbfm6Oc0P7j8u75rGWQt+MCAwEAAaOC
    AdswggHXMB8GA1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQW
    BBRmWZ47yjfKGqCbHXJJpOfqaOzvFjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
    BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6
    BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21v
    ZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2Ny
    bC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNl
    cnZlckNBLmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8v
    Y3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJl
    U2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5j
    b20wKQYDVR0RBCIwIIIQd3d3Lmh1YXh1ZWJhLmNvbYIMaHVheHVlYmEuY29tMA0G
    CSqGSIb3DQEBCwUAA4IBAQANec/HkL0Aow9aEa6R+XCoaVOCgAg2Mw76nrk4wKRC
    lV95+pOMJDs3oQmHZZ1S7IznpmMdVg7mEmIhmdZkH7i7GY7AVweGIZUJxS3xhmG2
    Jof1rH9lIM5Smb+t5dzNJnjaj05CrBWlzs7eLo4CeaOgEQ/sRaGrLNfxtNq3hGl4
    uLbORnZhzSL27TmYNoNriJ9+uccwVyDHlMZ7NNdL8MYlGaMLHYscdcolR0Zc7IiM
    8a96+bDKE/CI9CFJbh2fcsTnmk3H6KMHjAydmA+iLp5hrF34W48r959ZbE0nfMZW
    Xcn8omM21Pg393ZZ+Lu78VOu8LuvNyw7YzJPjvEyicvA
    -----END CERTIFICATE-----
    subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=www.huaxueba.com
    issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7379 bytes and written 712 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 4096 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DHE-RSA-AES256-SHA
        Session-ID: 916FCF7DA043C3C9BD1A590D0AEB4F5B66D333E0A5C73FF95F4139F3E20A9B81
        Session-ID-ctx:
        Master-Key: 1855A249176112E962B99A332E21AF78319A1F8E3842D4B1C34669CDB175180F2EBC2631AF8BA6D6BC553024E9E6D5CC
        Key-Arg   : None
        Start Time: 1416036877
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    Q
    DONE

活动星图 2014-11-15 15:50

那个不明ID。。。。求包养。。。

[attachment=9347]

2014-11-15 15:51

。。。。。。。。。。据说我的 id 在非苹果设备上是个方块儿

活动星图 2014-11-15 16:31

左边是我平常看到的样子
右边是选中后把鼠标放到ID上的样子(鼠标图像没截到你懂的)
[attachment=9348]

不过,贴吧那边说你的ID应该是百度那边的ID,不是这里的ID。

neoatlantis 2014-11-15 16:49

原来如此,我开始以为是……

那么看来zdf果然投入了不少钱啊……

2014-11-15 17:30

但是因为XP不支持SHA256,所以基本上XP+IE和本站无缘了。

※ 来源:·NEO化学吧手机版

回  的帖子

From_HMX 2014-11-15 18:01

[quote]:但是因为XP不支持SHA256,所以基本上XP+IE和本站无缘了。
※ 来源:·NEO化学吧手机版 (2014-11-15 17:30) 
[/quote]
XP加CHROME了......我换不了WIN7或者BSD或者FEDORA.......增值税发票的开票系统目前只能支持XP......蛋疼

回 From_HMX 的帖子

不是漏洞 2014-11-16 00:49

[quote]From_HMX:XP加CHROME了......我换不了WIN7或者BSD或者FEDORA.......增值税发票的开票系统目前只能支持XP......蛋疼 (2014-11-15 18:01) 
[/quote]
虚拟机大法好。。