1.3.2 Public Key PinningĮxtract the public key in the certificate and built into the client, verify the correctness of the connection by comparing the public key value with the server. The certificate needs to be re-built to the app after renewal. However, there is a validity period in the CA issuance certificate, and the disadvantage is Therefore, communication between the client and the server (eg, the API gateway) can guarantee absolute security. Need to accept only a certificate of the specified domain name in the client code, without accepting any certificate corresponding to the HOF root certificate built into the browser, through this authorization, the uniqueness and security of the APP and server communication is guaranteed. SSL-Pinning has two ways: 1.3.1 Certificate Pinning Solving the idea is that the client also presets a certificate of the server, and it is true and false. You can find a fake server certificate for the point of the intermediary attack to the client, and the client misunderstands true. If the received certificate is not trusted by the client, it will disconnect directly. 3.1.3 Reduce TargetsDkVersion Certificate sent by the server.3.1.1 Configuring NetworkSecurit圜onfig in AndroidManifest.3.1 User CA certificate restrictions of Android 7.0.1.3.3 Differences between bidirectional verification and SSL PINNING.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |