web fix
kjur committed Aug 14, 2015
1 parent 29a1b0e commit 099a2f7
Showing 3 changed files with 26 additions and 39 deletions.
16 changes: 10 additions & 6 deletions tool_asn1dumper.html
Expand Up @@ -47,6 +47,8 @@
-----END CERTIFICATE-----
*/}).toString().match(/\/\*([^]*)\*\//)[1];

var ocspResHEX = "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";

function _doDump() {
var f1 = document.form1;
try {
Expand All @@ -64,12 +66,13 @@
}

function _setSample() {
var f1 = document.form1;
switch (f1.sample1.selectedIndex) {
case 0: f1.s_in.value = ""; break;
case 1: f1.s_in.value = "0603550406"; _doDump(); break;
case 2: f1.s_in.value = "3006020101020102"; _doDump(); break;
case 3: f1.s_in.value = certGithubPEM; _doDump(); break;
var f1 = document.form1;
switch (f1.sample1.value) {
case "hexoid": f1.s_in.value = "0603550406"; _doDump(); break;
case "hexseq": f1.s_in.value = "3006020101020102"; _doDump(); break;
case "cert": f1.s_in.value = certGithubPEM; _doDump(); break;
case "ocsp": f1.s_in.value = ocspResHEX; _doDump(); break;
default: f1.s_in.value = ""; break;
}
}
</script>
Expand Down Expand Up @@ -97,6 +100,7 @@ <h4>(Step1) Fill any PEM or hexadecimal string of ASN.1 data to be decoded.</h4>
<option value="hexoid"> sample hexadecimal string of ASN.1 Object Identifier
<option value="hexseq"> sample hexadecimal string of ASN.1 Sequence
<option value="cert"> sample PEM X.509 certificate
<option value="ocsp"> sample OCSP response of https://www.symantec.com
</select>
<br/>

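Review bot: The `case` labels in the new `_setSample` switch repeat the `<option value>` strings of the `sample1` select ("hexoid", "hexseq", "cert", "ocsp"), and nothing records that the two lists must stay in step; a value present in one but not the other falls through to `default` and silently clears the input. A comment above the switch would make the coupling visible, e.g. `// case labels must match the <option value="..."> entries of sample1`. The new `ocspResHEX` constant also has no comment: the option text names its origin, but the script does not say that it is a static captured response used only as decoder input, which matters because an OCSP response typically carries thisUpdate/nextUpdate times and will read as stale.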
28 changes: 1 addition & 27 deletions tool_forfact.html
Expand Up @@ -8,33 +8,7 @@

<link rel="stylesheet" type="text/css" media="screen" href="stylesheets/stylesheet.css">
<title>For Checking CSR by factorable.net</title>
<!-- for pkcs5pkey -->
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/core.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/cipher-core.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/md5.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/tripledes.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/enc-base64.js"></script>
<!-- for crypto -->
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/sha1.js"></script>
<!-- for crypto, asn1, asn1x509 -->
<script src="http://yui.yahooapis.com/2.9.0/build/yahoo/yahoo-min.js"></script>
<!-- for asn1x509(stohex) -->

<script language="JavaScript" type="text/javascript" src="ext/jsbn.js"></script>
<script language="JavaScript" type="text/javascript" src="ext/jsbn2.js"></script>
<script language="JavaScript" type="text/javascript" src="ext/rsa.js"></script>
<script language="JavaScript" type="text/javascript" src="ext/rsa2.js"></script>
<script language="JavaScript" type="text/javascript" src="ext/base64.js"></script>
<script language="JavaScript" type="text/javascript" src="base64x-1.1.js"></script>
<script language="JavaScript" type="text/javascript" src="asn1hex-1.1.js"></script>
<script language="JavaScript" type="text/javascript" src="rsapem-1.1.js"></script>
<script language="JavaScript" type="text/javascript" src="rsasign-1.2.js"></script>
<script language="JavaScript" type="text/javascript" src="x509-1.1.js"></script>
<script language="JavaScript" type="text/javascript" src="pkcs5pkey-1.0.js"></script>
<script language="JavaScript" type="text/javascript" src="asn1-1.0.js"></script>
<script language="JavaScript" type="text/javascript" src="asn1x509-1.0.js"></script>
<script language="JavaScript" type="text/javascript" src="crypto-1.1.js"></script>
<script language="JavaScript" type="text/javascript" src="keyutil-1.0.js"></script>
<script language="JavaScript" type="text/javascript" src="jsrsasign-latest-all-min.js"></script>
<script language="JavaScript" type="text/javascript">
function doIt() {
var f1 = document.form1;
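Review bot: The one script include that remains, `jsrsasign-latest-all-min.js`, is an unversioned "latest" minified bundle, so the page gives no indication of which jsrsasign release performs the CSR check, and its behaviour changes whenever that file is replaced. Referencing a versioned file name, or adding a comment such as `<!-- jsrsasign all-in-one bundle, version: <VERSION> -->` above the tag, would make that auditable. Whether the bundle provides everything the removed crypto-js, YUI and per-module includes supplied to `doIt()` cannot be confirmed from this hunk, because the function body continues outside it.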
21 changes: 15 additions & 6 deletions tool_httpscfg.html
Expand Up @@ -7,7 +7,7 @@
<meta name="description" content="HTTPS設定ファイル生成ツール" />

<link rel="stylesheet" type="text/css" media="screen" href="stylesheets/stylesheet.css">
<title>HTTPS設定ファイル生成ツール0.4(ベータ版)</title>
<title>HTTPS設定ファイル生成ツール0.5(ベータ版)</title>
<!-- for pkcs5pkey -->
<script language="JavaScript" type="text/javascript" src="jsrsasign-latest-all-min.js"></script>

Expand All @@ -21,7 +21,9 @@
"cryptrec3": "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:CAMELLIA128-SHA:AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:AES256-SHA:RC4-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA",
"mozilla1": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK",
"mozilla2": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA",
"mozilla3": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA",
"mozilla3": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA",
"bullet1": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:EDH-RSA-DES-CBC3-SHA",
"bullet2": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:EDH-RSA-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA",
"qualysblog": "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS",
"openssl_default": "DEFAULT",
"redhat_default": "HIGH:!aNULL:!MD5:!RC4",
Expand Down Expand Up @@ -181,7 +183,8 @@
function _updateCompression(cfg, guidename, serverapp) {
// 注:nginx は新しいもので対応、設定は不要
if (guidename.indexOf("cryptrec") != -1 ||
guidename.indexOf("mozilla") != -1) {
guidename.indexOf("mozilla") != -1 ||
guidename.indexOf("bullet") != -1) {
if (serverapp.indexOf("apache") != -1) {
cfg = cfg.replace("%%%COMPRESSION%%%", "SSLCompression off");
}
Expand All @@ -199,7 +202,8 @@
if (serverapp == "nginx") s = "ssl_prefer_server_ciphers on;";
if (serverapp == "lighttpd") s = "ssl.honor-cipher-order = \"enable\"";
if (guidename.indexOf("cryptrec") == -1 &&
guidename.indexOf("mozilla") == -1) {
guidename.indexOf("mozilla") == -1 &&
guidename.indexOf("bullet") == -1) {
cfg = cfg.replace("%%%CIPHERORDER%%%", "#" + s);
} else {
cfg = cfg.replace("%%%CIPHERORDER%%%", s);
Expand Down Expand Up @@ -305,7 +309,7 @@
<!-- HEADER -->
<div id="header_wrap" class="outer">
<header class="inner">
<h1 id="project_title">HTTPS設定ファイル生成ツール0.4(ベータ版)</h1>
<h1 id="project_title">HTTPS設定ファイル生成ツール0.5(ベータ版)</h1>
<h2 id="project_tagline">各種ガイドラインに応じたApache、nginx、lighttpdなど主要なサーバーのHTTPS設定を自動生成します</h2>

<a href="http://kjur.github.io/jsrsasign/">TOP</a> |
Expand All @@ -330,6 +334,8 @@ <h4>簡易設定情報</h4>
<option value="mozilla1">Mozilla Modern Compatibility Profile - 高セキュリティ
<option value="mozilla2">Mozilla Intermediate Compatibility Profile - 中セキュリティ(デフォルト)
<option value="mozilla3">Mozilla Old Backward Compatibility Profile - 低セキュリティ
<option value="bullet1">Bulletproof SSL and TLS - recommended(中)
<option value="bullet2">Bulletproof SSL and TLS - compatibility(低)
<option value="qualysblog">Qualys社のブログによる推奨設定

<option value="openssl_default">OpenSSLデフォルト設定
Expand Down Expand Up @@ -419,7 +425,9 @@ <h4>参考リンク</h4>
<li><a href="http://www.ipa.go.jp/security/vuln/ssl_crypt_config.html" target="_blank">
CRYPTREC/IPA SSL/TLS暗号設定ガイドライン~安全なウェブサイトのために(暗号設定対策編)~</a></li>
<li><a href="https://wiki.mozilla.org/Security/Server_Side_TLS">
Mozilla Wiki: Security/Server Side TLS</a></li>
Mozilla Wiki: Security/Server Side TLS</a></li>
<li><a href="https://www.feistyduck.com/books/bulletproof-ssl-and-tls/">Bulletproof SSL and TLS by Ivan Ristic
</a></li>
<li><a href="https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy">QUALYS BLOG: Configuring Apache, Nginx, and OpenSSL for Forward Secrecy</a></li>
<li><a href="https://cipherli.st/">Cipherli.st: String Ciphers for Apache, nginx and Lighttpd</a></li>
<li><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf">
Expand Down Expand Up @@ -469,6 +477,7 @@ <h4>補足説明</h4>

<h4>ニュース</h4>
<ul>
<li>2015.06.21 - 0.5ベータ版 Bulletproof SSL and TLSへの対応</li>
<li>2015.05.16 - 0.4ベータ版 lighttpdに対応</li>
<li>2015.05.15 - 0.3ベータ版 nginxのMozillaのガイドのprotocol値の誤りの修正</li>
<li>2015.05.14 - 0.2ベータ版 nginx設定、TLS圧縮オフに対応 
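Review bot: The new `bullet2` cipher list ends in `ECDHE-RSA-RC4-SHA:RC4-SHA`, so a configuration generated from the "compatibility" option will still negotiate RC4 with a client that offers nothing earlier in the list, and RFC 7465 prohibits RC4 in TLS. Both new lists also keep 3DES suites (`EDH-RSA-DES-CBC3-SHA`, plus `DES-CBC3-SHA` in `bullet2`). I would drop the trailing `:ECDHE-RSA-RC4-SHA:RC4-SHA` from `bullet2`, or at least state in the option label that this profile enables RC4, so that someone picking it from the menu knows what the generated file permits. The hunks extend only `_updateCompression` and the cipher-order function for `bullet`; if protocol selection is also keyed on the guide name elsewhere in the file, which is not visible here, it presumably needs the same branch.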
