如何在Apache上强制进行SSL重新协商以进行测试 [英] How to force SSL renegotiation on apache for a test
问题描述
我在使用x509客户端证书在网站上上传文件的应用程序中存在一个错误:在上传过程中发生重新协商时,由于缓存很小(128kb),上传失败.
我需要使用apache SSLRenegBufferSize指令来更改缓存大小,但是我想测试并且无法重现重新协商以检查一切是否正常.如何在浏览器或apache上强制重新协商?
我已经找到了使用openssl的方法: http://blog.ivanristic .com/2009/12/testing-for-ssl-renegotiation.html
如果您需要从apache端强制重新进行ssl重新协商,只需::p
- 全局设置https加密
- 仅在特定的位置"/rsaquo;中要求客户证书阻止
参考:
http://www.gossamer-threads.com/lists/apache/用户/419072
"Apache HTTP Server每次SSL都会请求SSL重新协商 会话已建立,但已请求按位置进行 需要不同安全性的环境-例如,如果您有 Directory或Location块中的SSLVerifyClient指令. "
I have a bug on an application about uploading file on a website wich use x509 client certificate : when a renegotiation occurs during an upload, as the cache is small (128kb), the upload fail.
I need to use the apache SSLRenegBufferSize directive to change the cache size, but I want to test and cannot reproduce the renegotiation to check if everything is ok. How can I force renegotiation from my browser or on apache?
I have found how to do it using openssl : http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html
If you need to force ssl renegociation from apache side, all you need to do is :
- Set https encryption globally
- Require client certificate only within a specific ‹location› block
Reference :
http://www.gossamer-threads.com/lists/apache/users/419072
"Apache HTTP Server will request SSL renegotiation any time an SSL session is already established but a request is made for a per-location context which requires different security -- for example, if you have the SSLVerifyClient directive in a Directory or Location block. "
这篇关于如何在Apache上强制进行SSL重新协商以进行测试的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
