SSL/TLS 레퍼런스
SSL/TLS 버전과 암호 스위트 레퍼런스 (보안 상태 포함).
SSL 2.0
1995취약Broken — multiple critical vulnerabilities. RFC 6176 prohibits use.
SSL 3.0
1996취약Broken — POODLE attack. RFC 7568 prohibits use.
TLS 1.0
1999더 이상 사용 안 함Deprecated — BEAST attack. PCI DSS disallows after 2018.
TLS 1.1
2006더 이상 사용 안 함Deprecated — no significant improvements over 1.0. Browsers dropped in 2020.
TLS 1.2
2008안전Current — widely supported. Use with AEAD cipher suites only.
TLS 1.3
2018안전Latest — faster handshake, forward secrecy mandatory, removed legacy ciphers.
자주 묻는 질문
코드 구현
import ssl
import socket
# Check server's TLS version and cipher
def check_tls(hostname, port=443):
context = ssl.create_default_context()
with socket.create_connection((hostname, port)) as sock:
with context.wrap_socket(sock, server_hostname=hostname) as ssock:
cipher = ssock.cipher()
version = ssock.version()
cert = ssock.getpeercert()
return {
'version': version,
'cipher': cipher[0],
'bits': cipher[2],
'subject': dict(x[0] for x in cert['subject']),
'expires': cert['notAfter']
}
# Configure minimum TLS version
def create_secure_context(min_version=ssl.TLSVersion.TLSv1_2):
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
ctx.minimum_version = min_version
ctx.maximum_version = ssl.TLSVersion.TLSv1_3
ctx.load_default_certs()
return ctx
# Example
try:
info = check_tls('example.com')
print(f"TLS Version: {info['version']}")
print(f"Cipher: {info['cipher']} ({info['bits']} bits)")
print(f"Certificate expires: {info['expires']}")
except Exception as e:
print(f"Error: {e}")
Comments & Feedback
Comments are powered by Giscus. Sign in with GitHub to leave a comment.