我在 azure 上部署了一个 tomcat 服务器,它有我的 REST API。到目前为止,我使用 HTTP 从我的 android 应用程序联系服务器并获得响应。今天,我向服务器添加了一个自签名证书,当我使用 android 应用程序(通过将 URL 更改为 https)进行测试时,一切正常。但是,我想确认响应是否真的被加密了。我该如何检查?
最佳答案
命令
curl -k -v https://github.com/corvusoft/restbed
输出
* Hostname was NOT found in DNS cache
* Trying 192.30.252.129...
* Connected to github.com (192.30.252.129) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: github.com
* Server certificate: DigiCert SHA2 Extended Validation Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> GET /corvusoft/restbed HTTP/1.1
> User-Agent: curl/7.37.1
> Host: github.com
> Accept: */*
>
< HTTP/1.1 200 OK
* Server GitHub.com is not blacklisted
< Server: GitHub.com
...
可以找到 Curl 文档 here
-k, --insecure
(SSL) This option explicitly allows curl to perform "insecure" SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. This makes all connections considered "insecure" fail unless -k, --insecure is used.
-v, --verbose
Be more verbose/talkative during the operation. Useful for debugging and seeing what's going on "under the hood". A line starting with '>' means "header data" sent by curl, '<' means "header data" received by curl that is hidden in normal cases, and a line starting with '*' means additional info provided by curl.
关于tomcat - https 检查服务器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31088242/