外部网站的自签名证书
[英]Self sign certificate for external website
问题描述
TLS handshake for some websites is really slow. 
某些网站的TLS握手确实很慢。 (Let it be www.example.com) (I don't own the website) (设为www.example.com)(我不拥有该网站)
I was thinking if I could self sign certificate for www.example.com, this could speed up the process (something similar to --no-check-certificate in wget) 我在想是否可以为www.example.com自签名证书,这可以加快过程(类似于wget中的--no-check-certificate)
PS: I'm aware of the potential security risks associated. PS:我知道相关的潜在安全风险。
1 个解决方案
解决方案1
0 2019-03-01 21:11:40
You cannot directly provide your own certificate for the TLS handshake with a website you don't control. 您无法通过不受控制的网站直接为TLS握手提供自己的证书。
But you might have some SSL intercepting proxy where the connection between this MITM proxy and the client is authenticated by your custom certificate. 但是您可能有一些SSL拦截代理,其中该MITM代理与客户端之间的连接由您的自定义证书进行了身份验证。 Only, the connection between the proxy and the server is still authenticated by the servers original certificate, so you've likely just moved the slow handshake problem from your client to your proxy but will be ultimately affected by it the same way. 只是,代理服务器与服务器之间的连接仍通过服务器原始证书进行身份验证,因此您可能只是将慢速握手问题从客户端转移到了代理服务器,但最终将以相同的方式受到影响。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.