1
sola97 OP |
2
oh 2017-09-27 02:10:02 +08:00 via iPhone 1
吓得我以为连 https 的都可以劫持了…
网易为啥不上 https 呢… |
3
miaomiao888 2017-09-27 03:46:59 +08:00
吓得我以为连 https 的都可以劫持了…
|
4
popkara 2017-09-27 08:35:35 +08:00
@miaomiao888 Https 是不可能劫持的,这个要是劫持了问题可比几个广告厉害多了。
|
5
Tokin 2017-09-27 10:26:16 +08:00
可能劫持 A 怕被劫持 B 再劫持一刀吧。。。所以上了 https,哈哈哈
|
6
FlyingLion 2017-09-28 02:00:29 +08:00 2
#ShenZhenShiDingChengChuangTouHuLianWangJinRongFuWuYouXianGongSi's ADs
#深圳市鼎诚创投互联网金融服务有限公司 address=/dcct8.cn/127.255.255.255 address=/dcct8.com/127.255.255.255 #Yue Yu's ADs #岳宇 address=/zhouyi1.com/127.255.255.255 address=/lvehaisen.com/127.255.255.255 address=/yiyuya.com/127.255.255.255 address=/yuyiya.com/127.255.255.255 address=/dwaed.com/127.255.255.255 #BeiJingYiMaZaiXianKeJiYouXianGongSi's ADs #北京亿玛在线科技股份有限公司 address=/yiqifa.com/127.255.255.255 address=/emar.com.cn/127.255.255.255 address=/gouwuke.com/127.255.255.255 address=/eqiso.com/127.255.255.255 address=/yiqiso.com/127.255.255.255 address=/eqifa.com/127.255.255.255 address=/gouwubang.com/127.255.255.255 address=/eqigou.com/127.255.255.255 address=/adhudong.com/127.255.255.255 address=/hudongad.com/127.255.255.255 address=/yigao.com/127.255.255.255 |
7
coolcoffee 2017-09-28 16:58:44 +08:00
网易家是买不起证书吗? 貌似没见过网易家有 https 的
|
8
meteor 2017-09-30 17:54:43 +08:00
@coolcoffee 不是买不起,是不想买。证书免费的现在都有的。
|
9
tomhuang 2017-10-02 08:50:44 +08:00
@coolcoffee
网易的邮箱一直都有 ssl |
10
coolcoffee 2017-10-02 13:03:23 +08:00
@tomhuang https://mail.163.com/ , 登陆界面 https 重定向到 http, 然后登陆以后手动改协议才能用 https,而且还引用了非 https 资源导致锁不是绿色的。
|
11
dfly0603 2017-10-03 12:58:44 +08:00 via Android
|
12
coolcoffee 2017-10-04 23:38:30 +08:00
@dfly0603 会重定向到 http 的,这和没有有什么区别?
➜ ~ curl https://yys.163.com/m/ -v * Trying 101.227.102.199... * TCP_NODELAY set * Connected to yys.163.com (101.227.102.199) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server did not agree to a protocol * Server certificate: * subject: C=CN; ST=Zhejiang; L=Hangzhou; O=NetEase (Hangzhou) Network Co., Ltd; OU=Game Dept; CN=yys.163.com * start date: Dec 8 00:00:00 2016 GMT * expire date: Dec 8 23:59:59 2018 GMT * subjectAltName: host "yys.163.com" matched cert's "yys.163.com" * issuer: C=US; O=GeoTrust Inc.; CN=GeoTrust SSL CA - G3 * SSL certificate verify ok. > GET /m/ HTTP/1.1 > Host: yys.163.com > User-Agent: curl/7.54.0 > Accept: */* > * HTTP 1.0, assume close after body < HTTP/1.0 301 Moved Permanently < Server: Cdn Cache Server V2.0 < Date: Wed, 04 Oct 2017 15:36:10 GMT < Content-Length: 0 < Location: http://yys.163.com/ < * Closing connection 0 * TLSv1.2 (OUT), TLS alert, Client hello (1): |