東方英雄夢想をネタに買ってきました・ω・
でも、アクティベーション失敗します
調べてみたら、https://accounts2.hachikuma.net/activate/1.0/api/signin へのアクセス失敗します
そんなサーバー存在しない・ω・;
どうやら、確率 1/2で accounts.hachikuma.net じゃないほうに飛ばされる・ω・ ?
でもおかしいので IEで開くと、やっぱだめ
>\TestSSLServer accounts.hachikuma.net
Supported versions: TLSv1.0 TLSv1.1 TLSv1.2 Deflate compression: no Supported cipher suites (ORDER IS NOT SIGNIFICANT): TLSv1.0 DHE_RSA_WITH_AES_128_CBC_SHA DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (TLSv1.1: idem) TLSv1.2 DHE_RSA_WITH_AES_128_CBC_SHA DHE_RSA_WITH_AES_256_CBC_SHA DHE_RSA_WITH_AES_128_CBC_SHA256 DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ---------------------- Server certificate(s): f723bcc7b3538c4bfc484ee372e659942f07dd31: CN=accounts.hachikuma.net, OU=Positi veSSL, OU=Domain Control Validated ---------------------- Minimal encryption strength: strong encryption (96-bit or more) Achievable encryption strength: strong encryption (96-bit or more) BEAST status: vulnerable CRIME status: protected |
TLS 1.0の設定のせいか・ω・
SSL Server Test: accounts.hachikuma.net (Powered by Qualys SSL Labs)
とっても、アンセキュア・ω・!
OpenSSL Padding Oracle vulnerability (CVE-2016-2107)
Chain issues Incorrect order, Contains ancho
証明書のチェインに問題があるので、プロトコルサポートがうまくいってないんですね
IE 6 / XP
No FS 1 No SNI 2 |
Server closed connection
|
IE 7 / Vista
|
RSA 2048 (SHA256)
|
TLS 1.0
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECDH secp256r1
FS
|
IE 8 / XP
No FS 1 No SNI 2 |
Server sent fatal alert: handshake_failure
|
IE 8-10 / Win 7
R |
RSA 2048 (SHA256)
|
TLS 1.0
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECDH secp256r1
FS
|
こんなん出てます・ω・
続く
Hi , Mr BWingCat.
Can you please write a tutorial how to add export to a dll?No where in the web had it.