CN111464387A - Method, device, system and equipment for detecting SSL/TLS configuration security of terminal - Google Patents


Info

Publication number
CN111464387A
Authority
CN
China
Prior art keywords
terminal
security
test
data packet
tcp data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010243660.8A
Other languages
Chinese (zh)
Other versions
CN111464387B (en)
Inventor
金鑫
石少青
肖勇
黄博阳
冯俊豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China South Power Grid International Co ltd
China Southern Power Grid Co Ltd
Original Assignee
China South Power Grid International Co ltd
China Southern Power Grid Co Ltd
Application filed by China South Power Grid International Co ltd, China Southern Power Grid Co Ltd filed Critical China South Power Grid International Co ltd
Priority to CN202010243660.8A priority Critical patent/CN111464387B/en
Publication of CN111464387A publication Critical patent/CN111464387A/en
Application granted granted Critical
Publication of CN111464387B publication Critical patent/CN111464387B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method, a device, a system and equipment for detecting the SSL/TLS configuration security of a terminal, which can automatically detect whether the SSL/TLS configuration security test items of the terminal equipment have been completed and, if an unfinished security test item exists, start an SSL/TLS test server to perform the unfinished security test items, so that the SSL/TLS configuration security on the terminal equipment is detected automatically without relying on manual detection. This solves the technical problems that existing terminal SSL/TLS configuration security detection depends on manual testing and has low detection efficiency.

Description

Method, device, system and equipment for detecting SSL/TLS configuration security of terminal
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, a system, and a device for detecting the security of the SSL/TLS configuration of a terminal.
Background
The most widely used internet communication security protocol is the SSL (Secure Sockets Layer) protocol, also known as the TLS (Transport Layer Security) protocol. The SSL/TLS protocol uses cryptography to provide security functions such as identity authentication, data encryption and integrity verification for both communicating parties, and is an important basis of modern internet security.
Existing security testing methods for the SSL/TLS protocol mainly target SSL/TLS configuration security detection at the server end, while SSL/TLS configuration security detection at the terminal depends on manual testing, which is time-consuming and labor-intensive. Automatically detecting the SSL/TLS configuration security of the terminal, so as to improve the efficiency of that detection, is therefore a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The application provides a method, a device, a system and equipment for detecting the SSL/TLS configuration security of a terminal, which are used for solving the technical problems that existing terminal SSL/TLS configuration security detection depends on manual testing and has low detection efficiency.
In view of the above, the present application provides, in a first aspect, a method for detecting the security of the SSL/TLS configuration of a terminal, including:
receiving a TCP data packet sent by a terminal, and inquiring the detection condition of a safety test item of the terminal equipment in a database according to the equipment IP address of the terminal equipment if the TCP data packet carries a ClientHello message;
if all the safety test items of the terminal equipment are tested and pass the detection, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet, if the terminal equipment contains unfinished safety test items, starting an SSL/TLS test server to test each safety test item based on the unfinished safety test items, generating corresponding ServerHello messages and Certificate messages, and returning the ServerHello messages and the Certificate messages to the terminal equipment;
and receiving a response message returned by the terminal equipment after receiving the ServerHello message and the Certificate message, and generating a test result according to the response message.
Optionally, the method further comprises:
and correspondingly storing the safety test items and the corresponding test results in the database.
Optionally, the receiving a TCP data packet sent by the terminal, if the TCP data packet carries a ClientHello message, querying, in a database, a detection condition of a security test item of the terminal device according to a device IP address of the terminal device, includes:
and receiving a TCP data packet transmitted by the terminal and forwarded by the gateway, and inquiring the detection condition of the safety test item of the terminal equipment in a database according to the equipment IP address of the terminal equipment if the TCP data packet carries the ClientHello message.
Optionally, the receiving a TCP data packet sent by the terminal, if the TCP data packet carries a ClientHello message, querying, in a database, a detection condition of a security test item of the terminal device according to a device IP address of the terminal device, further includes:
and if the TCP data packet does not carry the ClientHello message, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet.
Optionally, the security test item includes a protocol version security test, an encryption suite security test, a fuzzy message security test, and a certificate security test.
The second aspect of the present application provides an apparatus for detecting the security of the SSL/TLS configuration of a terminal, comprising:
the detection module is used for receiving a TCP data packet sent by a terminal, and inquiring the detection condition of a safety test item of the terminal equipment in a database according to the equipment IP address of the terminal equipment if the TCP data packet carries a ClientHello message;
a test module, configured to forward the TCP data packet to an external network according to an original destination IP address of the TCP data packet if all security test items of the terminal device have been tested and passed the test, and if the terminal device contains an incomplete security test item, start an SSL/TLS test server to perform each security test item test based on the incomplete security test item, generate a corresponding ServerHello message and a Certificate message, and return the ServerHello message and the Certificate message to the terminal device;
and the response module is used for receiving a response message returned by the terminal equipment after receiving the ServerHello message and the Certificate message, and generating a test result according to the response message.
Optionally, the method further comprises:
and the storage module is used for correspondingly storing the safety test items and the corresponding test results in the database.
Optionally, the detection module is specifically configured to:
receiving a TCP data packet transmitted by a terminal and forwarded by a gateway, and inquiring the detection condition of a safety test item of the terminal equipment in a database according to the equipment IP address of the terminal equipment if the TCP data packet carries a ClientHello message;
the detection module is further configured to:
and if the TCP data packet does not carry the ClientHello message, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet.
The third aspect of the application provides a system for detecting the SSL/TLS configuration security of a terminal, which comprises a terminal device, a gateway, a database and the device for detecting the SSL/TLS configuration security of the terminal according to the second aspect;
the terminal equipment is used for sending a TCP data packet to the gateway;
the gateway is used for forwarding the TCP data packet to the device for detecting the SSL/TLS configuration security of the terminal;
the gateway is provided with an SSL/TLS test server;
the database is used for storing the safety test items and the corresponding test results.
The fourth aspect of the present application provides an apparatus for detecting the security of the SSL/TLS configuration of a terminal, the apparatus comprising a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the method for detecting the security of the SSL/TLS configuration of the terminal of the first aspect according to instructions in the program code.
According to the technical scheme, the embodiment of the application has the following advantages:
the application provides a method for detecting the SSL/TLS configuration security of a terminal, which comprises: receiving a TCP data packet sent by the terminal and, if the TCP data packet carries a ClientHello message, querying the detection condition of the security test items of the terminal in a database according to the equipment IP address of the terminal; forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet if all the security test items of the terminal are tested and pass the detection; if the terminal contains an incomplete security test item, starting an SSL/TLS test server to test each security test item based on the incomplete security test items, generating corresponding ServerHello messages and Certificate messages, and returning the ServerHello messages and Certificate messages to the terminal; and receiving the response message returned by the terminal after it receives the ServerHello messages and the Certificate messages, and generating test results according to the response message. The method automatically detects whether the SSL/TLS configuration security test items of the terminal are completed and, if not, starts the SSL/TLS test server to perform the unfinished items, so that the SSL/TLS configuration security on the terminal is detected automatically without relying on manual detection. This solves the technical problems that existing terminal SSL/TLS configuration security detection depends on manual testing and has low detection efficiency.
Drawings
FIG. 1 is a flowchart illustrating a method for detecting the security of the SSL/TLS configuration of a terminal according to an embodiment of the present application;
FIG. 2 is a system framework diagram of a method for detecting the security of the SSL/TLS configuration of a terminal according to an embodiment of the present application;
FIG. 3 is another schematic flow chart illustrating a method for detecting the security of the SSL/TLS configuration of a terminal according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an apparatus for detecting the security of the SSL/TLS configuration of a terminal in this embodiment.
Detailed Description
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
For ease of understanding, referring to FIG. 1 and FIG. 2, the present application provides one embodiment of a method for detecting the security of the SSL/TLS configuration of a terminal, comprising:
Step 101, receiving a TCP data packet sent by the terminal equipment, and inquiring the detection condition of the security test item of the terminal in a database according to the equipment IP address of the terminal if the TCP data packet carries the ClientHello message.
It should be noted that, in this embodiment of the application, after a TCP data packet sent from a terminal device is received, it is determined whether the TCP data packet carries a ClientHello message. Receipt of a ClientHello message sent by the terminal device indicates that the terminal device has initiated an SSL/TLS request.
Step 102, if all the safety test items of the terminal equipment are tested and pass the detection, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet, if the terminal equipment contains unfinished safety test items, starting an SSL/TLS test server to test each safety test item based on the unfinished safety test items, generating corresponding ServerHello messages and Certificate messages, and returning the ServerHello messages and the Certificate messages to the terminal equipment.
It should be noted that, if the result of querying the database in step 101 indicates that all the security test items of the terminal device have been tested and passed the detection, the TCP data packet is forwarded to the external network according to the original destination IP address of the TCP data packet. If the terminal device contains an incomplete security test item, the ClientHello message is responded to: based on the incomplete security test items, the SSL/TLS test server is started to perform the test on each security test item, a ServerHello message and a Certificate message corresponding to each security test item are generated, and the ServerHello message and the Certificate message are returned to the terminal device.
Step 103, receiving a response message returned by the terminal equipment after receiving the ServerHello message and the Certificate message, and generating a test result according to the response message.
For example, when the protocol version security item is tested, the SSL/TLS test server sends the terminal device a test message for the security test item "insecure SSL 2.0". If the response message returned by the terminal device is "reject", the SSL/TLS configuration of the terminal device is secure and the test result of the security test item is test pass; if the response message returned by the terminal device is "accept", the SSL/TLS configuration of the terminal device is not secure and the test result of the security test item is test fail.
The method for detecting the SSL/TLS configuration security of a terminal provided by the embodiment of the application can automatically detect whether the SSL/TLS configuration security test items of the terminal are completed and, if they are not, start the SSL/TLS test server to perform the unfinished security test items, so that the SSL/TLS configuration security on the terminal is detected automatically without relying on manual detection. This solves the technical problems that existing terminal SSL/TLS configuration security detection depends on manual testing and has low detection efficiency.
For ease of understanding, referring to FIG. 2 and FIG. 3, another embodiment of a method for detecting the security of the SSL/TLS configuration of a terminal is provided, comprising:
step 201, receiving a TCP packet sent by the terminal and forwarded by the gateway, if the TCP packet carries a ClientHello message, querying a database for a detection condition of a security test item of the terminal device according to a device IP address of the terminal device, and if the TCP packet does not carry the ClientHello message, forwarding the TCP packet to an external network according to an original destination IP address of the TCP packet.
It should be noted that, in this embodiment of the present application, the gateway may also be a router, and an SSL/TLS test server is deployed at the gateway/router. A TCP data packet sent by the terminal device may be forwarded by the gateway/router. After the TCP data packet sent by the terminal device is received, it is determined whether the TCP data packet carries a ClientHello message; receipt of a ClientHello message sent by the terminal device indicates that the terminal device has initiated an SSL/TLS request.
Step 202, if all the safety test items of the terminal equipment are tested and pass the detection, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet, if the terminal equipment contains unfinished safety test items, starting an SSL/TLS test server to test each safety test item based on the unfinished safety test items, generating corresponding ServerHello messages and Certificate messages, and returning the ServerHello messages and the Certificate messages to the terminal equipment.
It should be noted that the security test items in the embodiment of the present application may include a protocol version security test, an encryption suite security test, a fuzzy message security test, and a certificate security test. A specific list of security test items is shown in table 1.
Table 1. List of terminal equipment security test items (the table is an image in the original publication; its contents are not reproduced here)
If the result of querying the database in step 201 is that all the security test items of the terminal device have been tested and pass the detection, the TCP data packet is forwarded to the external network according to the original destination IP address of the TCP data packet. If the terminal device contains an incomplete security test item, the ClientHello message is responded to: an SSL/TLS test server is started to perform each security test item test based on the incomplete security test items, a ServerHello message and a Certificate message corresponding to each security test item are generated, and the ServerHello message and the Certificate message are returned to the terminal device.
Step 203, receiving a response message returned by the terminal equipment after receiving the ServerHello message and the Certificate message, and generating a test result according to the response message.
For example, when the encryption suite security item is tested, the SSL/TLS test server sends the terminal device a test message for the security test item "insecure symmetric DES encryption algorithm". If the response message returned by the terminal device is "reject", the SSL/TLS configuration of the terminal device is secure and the test result of the security test item is test pass; if the response message returned by the terminal device is "accept", the SSL/TLS configuration of the terminal device is not secure and the test result of the security test item is test fail.
Step 204, correspondingly storing the safety test items and the corresponding test results in a database.
It should be noted that, after each security test item is tested, each security test item of the terminal device and the corresponding test result are stored in the database in a one-to-one correspondence manner, so as to conveniently query the detection condition of the security test item of the terminal device.
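The decision flow of steps 201 to 204, as an added Python sketch that is not code from the patent: it classifies a TCP payload as a ClientHello, looks up the terminal's test state by IP address, chooses between forwarding and testing, and turns the terminal's reply into a stored result. The test-item identifiers, the in-memory store, the "block" outcome for a terminal that has already failed a test, and the mapping of "reject"/"accept" onto an alert or closed connection versus a ClientKeyExchange are assumptions; all byte strings are constructed samples.

```python
import struct
from dataclasses import dataclass, field

# The four test categories the description names; the identifiers are hypothetical.
TEST_ITEMS = ("protocol_version", "cipher_suite", "fuzz_message", "certificate")
SSL2_HELLO_VERSIONS = (b"\x00\x02", b"\x03\x00", b"\x03\x01", b"\x03\x02", b"\x03\x03")


def carries_client_hello(payload: bytes) -> bool:
    """Step 201: does this TCP payload begin with a ClientHello?"""
    # SSLv2-format hello: 2-byte length with the high bit set, then msg type 1.
    if len(payload) >= 5 and payload[0] & 0x80 and payload[2] == 0x01:
        return payload[3:5] in SSL2_HELLO_VERSIONS
    if len(payload) < 6:
        return False
    ctype, major, _minor, rec_len = struct.unpack("!BBBH", payload[:5])
    # Handshake record (0x16), SSL3/TLS major version, sane plaintext length,
    # and handshake type 0x01 (ClientHello) as the first fragment byte.
    return ctype == 0x16 and major == 0x03 and 0 < rec_len <= 2**14 and payload[5] == 0x01


@dataclass
class ResultStore:
    """In-memory stand-in for the database, keyed by terminal IP address."""
    results: dict = field(default_factory=dict)

    def pending(self, ip: str) -> list:
        done = self.results.get(ip, {})
        return [item for item in TEST_ITEMS if item not in done]

    def all_passed(self, ip: str) -> bool:
        done = self.results.get(ip, {})
        return all(done.get(item) == "pass" for item in TEST_ITEMS)

    def record(self, ip: str, item: str, outcome: str) -> None:
        self.results.setdefault(ip, {})[item] = outcome  # step 204


def dispatch(store: ResultStore, src_ip: str, payload: bytes) -> tuple:
    """Steps 201/202: forward, test the unfinished items, or block."""
    if not carries_client_hello(payload) or store.all_passed(src_ip):
        return ("forward", [])
    todo = store.pending(src_ip)
    if todo:
        return ("test", todo)
    # Every item was run and at least one failed. The description does not say
    # what happens here; blocking is this example's assumption.
    return ("block", [])


def classify_response(payload: bytes) -> str:
    """Step 203: map the terminal's reply onto 'reject' / 'accept' (assumed mapping)."""
    if not payload or payload[0] == 0x15:          # closed connection or alert record
        return "reject"
    if len(payload) >= 6 and payload[0] == 0x16 and payload[5] == 0x10:
        return "accept"                            # ClientKeyExchange: handshake continues
    return "inconclusive"


def record_probe(store: ResultStore, ip: str, item: str, response: bytes):
    """Each probe offers something insecure, so a refusal is a pass."""
    outcome = {"reject": "pass", "accept": "fail"}.get(classify_response(response))
    if outcome is not None:                        # inconclusive items stay pending
        store.record(ip, item, outcome)
    return outcome


def sample_client_hello() -> bytes:
    """Constructed minimal TLS 1.2 ClientHello offering one cipher suite."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake
```

Keying state on the source IP alone, as the description does, means address reuse (DHCP, NAT) can attribute one terminal's results to another, so a deployment would want a stable device identifier or an expiry on stored results.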
For ease of understanding, referring to FIG. 4, an embodiment of an apparatus for detecting the security of the SSL/TLS configuration of a terminal is provided, comprising:
and the detection module is used for receiving a TCP data packet sent by the terminal, and inquiring the detection condition of the safety test item of the terminal equipment in the database according to the equipment IP address of the terminal equipment if the TCP data packet carries the ClientHello message.
And the test module is used for forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet if all the safety test items of the terminal equipment are tested and pass the detection, starting an SSL/TLS test server to test each safety test item based on the unfinished safety test items if the terminal equipment contains the unfinished safety test items, generating corresponding ServerHello messages and Certificate messages, and returning the ServerHello messages and the Certificate messages to the terminal equipment.
And the response module is used for receiving a response message returned after the terminal equipment receives the ServerHello message and the Certificate message, and generating a test result according to the response message.
Further, still include:
and the storage module is used for correspondingly storing the safety test items and the corresponding test results in the database.
Further, the detection module is specifically configured to:
and receiving a TCP data packet transmitted by the terminal and forwarded by the gateway, and inquiring the detection condition of the security test item of the terminal equipment in the database according to the equipment IP address of the terminal equipment if the TCP data packet carries the ClientHello message.
The detection module is further configured to:
and if the TCP data packet does not carry the ClientHello message, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet.
For ease of understanding, referring to FIG. 2, the present application provides an embodiment of a system for detecting the SSL/TLS configuration security of a terminal, which includes a terminal device, a gateway, a database, and the device for detecting the SSL/TLS configuration security of a terminal described in the foregoing device embodiment;
the terminal equipment is used for sending a TCP data packet to the gateway;
the gateway is used for forwarding a TCP data packet to the device for detecting the SSL/TLS configuration security of the terminal;
the gateway is provided with an SSL/TLS test server;
the database is used for storing the safety test items and the corresponding test results.
A TCP data packet sent by a terminal device to an external network passes through the gateway/router and is forwarded to the device for detecting the SSL/TLS configuration security of the terminal. The detection module of that device judges whether the TCP data packet is a ClientHello message. If it is, the database is queried by the IP address of the terminal device to determine whether the terminal device has been tested. If it has not been tested, the test module is started to respond to the ClientHello message, sending different ServerHello messages and Certificate messages according to the different security test items. Finally, whether the terminal device passes each test item is judged according to the message returned by the terminal device, and the test result is stored in the database.
An embodiment of an apparatus for detecting the security of the SSL/TLS configuration of a terminal is provided herein, the apparatus comprising a processor and a memory:
the memory is used for storing the program codes and transmitting the program codes to the processor;
the processor is configured to execute, according to the instructions in the program code, the method of any one of the aforementioned embodiments of the method for detecting the security of the SSL/TLS configuration of a terminal.
In the several embodiments provided in the present application, it should be understood that the disclosed system and method may be implemented in other ways. For example, the above-described system embodiments are merely illustrative, and for example, the division of the modules is merely a logical division, and in actual implementation, there may be other divisions, for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present application may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer system (which may be a personal computer, a server, or a network system) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A method for detecting the security of the SSL/TLS configuration of a terminal, characterized by comprising the following steps:
receiving a TCP data packet sent by terminal equipment, and inquiring the detection condition of a safety test item of the terminal equipment in a database according to an equipment IP address of the terminal equipment if the TCP data packet carries a ClientHello message;
if all the safety test items of the terminal equipment are tested and pass the detection, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet, if the terminal equipment contains unfinished safety test items, starting an SSL/TLS test server to test each safety test item based on the unfinished safety test items, generating corresponding ServerHello messages and Certificate messages, and returning the ServerHello messages and the Certificate messages to the terminal equipment;
and receiving a response message returned by the terminal equipment after receiving the ServerHello message and the Certificate message, and generating a test result according to the response message.
2. The method for detecting the security of the SSL/TLS configuration of a terminal according to claim 1, further comprising:
and correspondingly storing the safety test items and the corresponding test results in the database.
3. The method for detecting the security of the SSL/TLS configuration of a terminal according to claim 1, wherein the receiving a TCP data packet sent by the terminal, and if the TCP data packet carries a ClientHello message, querying a database for a detection condition of a security test item of the terminal device according to a device IP address of the terminal device, comprises:
and receiving a TCP data packet transmitted by the terminal and forwarded by the gateway, and inquiring the detection condition of the safety test item of the terminal equipment in a database according to the equipment IP address of the terminal equipment if the TCP data packet carries the ClientHello message.
4. The method for detecting the security of the SSL/TLS configuration of a terminal according to claim 1, wherein the receiving a TCP data packet sent by the terminal, and if the TCP data packet carries a ClientHello message, querying a database for a detection condition of a security test item of the terminal device according to a device IP address of the terminal device, further comprises:
and if the TCP data packet does not carry the ClientHello message, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet.
5. The method for detecting the security of the SS L/T L S configuration of the terminal as claimed in claim 1, wherein the security test items comprise a protocol version security test, an encryption suite security test, a fuzzy message security test and a certificate security test.
6. An apparatus for detecting the security of the SSL/TLS configuration of a terminal, comprising:
a detection module, configured to receive a TCP data packet sent by a terminal and, if the TCP data packet carries a ClientHello message, query a database for the detection status of the security test items of the terminal device according to the device IP address of the terminal device;
a test module, configured to forward the TCP data packet to an external network according to the original destination IP address of the TCP data packet if all security test items of the terminal device have been tested and have passed detection, and, if the terminal device has unfinished security test items, start an SSL/TLS test server to test each of the unfinished security test items, generate the corresponding ServerHello message and Certificate message, and return the ServerHello message and the Certificate message to the terminal device;
and a response module, configured to receive a response message returned by the terminal device after it receives the ServerHello message and the Certificate message, and generate a test result according to the response message.
7. The apparatus for detecting the security of the SSL/TLS configuration of a terminal according to claim 6, further comprising:
a storage module, configured to store the security test items and the corresponding test results in the database in association with each other.
8. The apparatus for detecting the security of the SSL/TLS configuration of a terminal according to claim 6, wherein the detection module is specifically configured to:
receive a TCP data packet sent by the terminal and forwarded by a gateway, and, if the TCP data packet carries a ClientHello message, query the database for the detection status of the security test items of the terminal device according to the device IP address of the terminal device;
the detection module is further configured to:
if the TCP data packet does not carry a ClientHello message, forward the TCP data packet to an external network according to the original destination IP address of the TCP data packet.
9. A system for detecting the security of the SSL/TLS configuration of a terminal, characterized in that it comprises a terminal device, a gateway, a database and the apparatus for detecting the security of the SSL/TLS configuration of a terminal according to any one of claims 6-8;
the terminal device is used for sending a TCP data packet to the gateway;
the gateway is used for forwarding the TCP data packet to the apparatus for detecting the security of the SSL/TLS configuration of a terminal;
the gateway is provided with an SSL/TLS test server;
the database is used for storing the security test items and the corresponding test results.
10. An apparatus for detecting the security of the SSL/TLS configuration of a terminal, the apparatus comprising a processor and a memory:
the memory is used for storing program code and transmitting the program code to the processor;
the processor is configured to execute, according to instructions in the program code, the method for detecting the security of the SSL/TLS configuration of a terminal according to any one of claims 1-5.
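The routing decision of claims 1, 2 and 4, sketched in Python as an added example (not code from the patent). The dictionary standing in for the database, the function names, the "hold" action for a failed item, and the rule that a TLS alert in reply to the test ServerHello/Certificate counts as a pass are all assumptions.

```python
import struct

# The four security test items named in claim 5.
TEST_ITEMS = ("protocol_version", "cipher_suite", "fuzzy_message", "certificate")

def is_client_hello(payload: bytes) -> bool:
    """True if the TCP payload starts with a TLS handshake record holding a ClientHello."""
    if len(payload) < 6:
        return False
    content_type, major, _minor, _length = struct.unpack("!BBBH", payload[:5])
    # Record type 22 = handshake, major version 3 = SSL 3.0 / TLS 1.x, handshake type 1 = ClientHello.
    return content_type == 22 and major == 3 and payload[5] == 1

def pending_items(db: dict, device_ip: str) -> list:
    """Test items with no stored result for this device (None = not yet tested)."""
    state = db.setdefault(device_ip, dict.fromkeys(TEST_ITEMS))
    return [item for item in TEST_ITEMS if state[item] is None]

def route(db: dict, device_ip: str, payload: bytes):
    """Return (action, items) for one TCP payload, following claims 1 and 4."""
    if not is_client_hello(payload):
        return ("forward", [])        # claim 4: non-ClientHello traffic goes to its original destination
    todo = pending_items(db, device_ip)
    if todo:
        return ("test", todo)         # claim 1: unfinished items go to the SSL/TLS test server
    if all(db[device_ip].values()):
        return ("forward", [])        # claim 1: every item tested and passed
    # Assumption: the claims do not say what happens to a device with a failed item.
    return ("hold", [item for item, ok in db[device_ip].items() if not ok])

def record_result(db: dict, device_ip: str, item: str, response: bytes) -> bool:
    """Claim 2: store the result keyed by device IP and test item.
    Assumption: a TLS alert record (type 21) in reply to the test messages is a pass."""
    passed = len(response) >= 1 and response[0] == 21
    db.setdefault(device_ip, dict.fromkeys(TEST_ITEMS))[item] = passed
    return passed

# Constructed samples: a minimal ClientHello record header, a fatal alert, and plain HTTP.
SAMPLE_CLIENT_HELLO = bytes([22, 3, 1, 0, 4, 1, 0, 0, 0])
SAMPLE_ALERT = bytes([21, 3, 3, 0, 2, 2, 70])
SAMPLE_HTTP = b"GET / HTTP/1.1\r\n"
```
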
CN202010243660.8A 2020-03-31 2020-03-31 Method, device, system and equipment for detecting security of SSL/TLS configuration of terminal Active CN111464387B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010243660.8A CN111464387B (en) 2020-03-31 2020-03-31 Method, device, system and equipment for detecting security of SSL/TLS configuration of terminal

Publications (2)

Publication Number Publication Date
CN111464387A (en) 2020-07-28
CN111464387B (en) 2022-02-25

Family

ID=71680178

Country Status (1)

Country Link
CN (1) CN111464387B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115701026A (en) * 2021-07-21 2023-02-07 中移物联网有限公司 Test method, device and terminal for transport layer security protocol

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102263826A (en) * 2011-08-11 2011-11-30 华为技术有限公司 Method and device for establishing connection with transport layer
CN103297437A (en) * 2013-06-20 2013-09-11 中国软件与技术服务股份有限公司 Safety server access method for mobile intelligent terminal
CN105591959A (en) * 2014-10-24 2016-05-18 华耀(中国)科技有限公司 System and method for load balancing by SSL session resuming
CN105872534A (en) * 2016-04-05 2016-08-17 Tcl海外电子(惠州)有限公司 Terminal testing method and device
CN108566361A (en) * 2018-01-05 2018-09-21 武汉信安珞珈科技有限公司 A kind of safety parameter negotiation method and system based on SSL/TLS agreements
US20190222600A1 (en) * 2015-12-28 2019-07-18 Netsec Concepts LLC Detection of SSL / TLS malware beacons

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant