Yesterday afternoon, the wechat group (click to join) was discussing the detailed process of configuring HTTPS in Spring Boot.
Then a group of friends jumped out and joked: “Forget HTTPS, we will be punished together.” They tweeted:
It was posted by Scott Helme, a hacker, founder of Security Headers and Report Uri, author of Pluralsight and resident BBC hacker.
He said CAs now appeared to be stopping issuing certificates for Russian domain names, or even revoking those it had already issued. At the same time, he gave the following report of the revoked certificate:
For example, this is a Russian bank: crt.sh/? Id = 5828347… Interested partners can go to research, and these:
crt.sh/? Id = 5828347… crt.sh/? Id = 6218871… crt.sh/? Id = 4582341… crt.sh/? Id = 2713661…
If this is part of the sanctions, it will certainly have a big impact on current Internet applications, and may indeed be a risk. Does your current system have the ability to quickly switch between HTTP and HTTPS?
DD didn’t seem to have seen a statement of sanctions recently, so he checked the tweet again and found this reply:
The authors say that although they have found instances of certificates being revoked, there is no indication that this is related to sanctions.
So, it’s not clear at this point whether it’s sanctions or something else. So what do you think about that? Or if you know more, please leave a comment.
Welcome to pay attention to my public number: program ape DD. Learn cutting-edge industry news, share in-depth technical know-how, and obtain high-quality learning resources at the first time