如何在Apache上强制进行SSL重新协商以进行测试 | 如何在Apache上强制进行SSL重新协商以进行测试

本文介绍了如何在Apache上强制进行SSL重新协商以进行测试的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我在使用x509客户端证书在网站上上传文件的应用程序中存在一个错误:在上传过程中发生重新协商时，由于缓存很小(128kb)，上传失败.

我需要使用apache SSLRenegBufferSize指令来更改缓存大小，但是我想测试并且无法重现重新协商以检查一切是否正常.如何在浏览器或apache上强制重新协商?

我已经找到了使用openssl的方法: http://blog.ivanristic .com/2009/12/testing-for-ssl-renegotiation.html

解决方案

如果您需要从apache端强制重新进行ssl重新协商，只需::p

全局设置https加密
仅在特定的位置"/rsaquo;中要求客户证书阻止

参考:

http://www.gossamer-threads.com/lists/apache/用户/419072

"Apache HTTP Server每次SSL都会请求SSL重新协商会话已建立，但已请求按位置进行需要不同安全性的环境-例如，如果您有Directory或Location块中的SSLVerifyClient指令. "

I have a bug on an application about uploading file on a website wich use x509 client certificate : when a renegotiation occurs during an upload, as the cache is small (128kb), the upload fail.

I need to use the apache SSLRenegBufferSize directive to change the cache size, but I want to test and cannot reproduce the renegotiation to check if everything is ok. How can I force renegotiation from my browser or on apache?

I have found how to do it using openssl : http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html

解决方案

If you need to force ssl renegociation from apache side, all you need to do is :

Set https encryption globally
Require client certificate only within a specific ‹location› block

Reference :

http://www.gossamer-threads.com/lists/apache/users/419072

"Apache HTTP Server will request SSL renegotiation any time an SSLsession is already established but a request is made for a per-locationcontext which requires different security -- for example, if you havethe SSLVerifyClient directive in a Directory or Location block. "

这篇关于如何在Apache上强制进行SSL重新协商以进行测试的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！