[1]SAWERS P. Google: HTTPS now represents more than 50% of all pages loaded through Chrome on the desktop[OL]. 2016[20170505]. http:venturebeat.com20161104googletransparencyreporthttps[2]Aas J. Mozilla telemetry shows more than 50% of page loads were HTTPS yesterday. First time that has ever happened[OL]. 2016[20170505]. https:twitter.com0xjoshstatus786971412959420424[3]Durumeric Z, Kasten J, Adrian D, et al. The matter of heartbleed[C] Proc of Conf on Internet Measurement.New York: ACM, 2014: 475488[4]Zheng X, Jiang J, Liang J, et al. Cookies lack integrity: Realworld implications[C] Proc of the 24th USENIX Security Symp. Berkeley: USENIX Association, 2015: 707721[5]Aviram N, Schinzel S, Somorovsky J, et al. DROWN: Breaking TLS using SSLv2[C] Proc of the 25th USENIX Security Symp. Berkeley: USENIX Association, 2016[6]Risti I. Qualys SSL Labs[OL].[20170505]. https:www.ssllabs.comindex.html[7]HighTech Bridge SA. HighTech Bridge Free SSL Server Test[OL]. 2015[20170505]. https:www.htbridge.comssl[8]Polk T, McKay K, Chokhani S. Guidelines for the selection, configuration, and use of transport layer security (TLS) implementations[JOL]. NIST Special Publication, 2014 [20170606]. http:nvlpubs.nist.govnistpubsSpecialPublicationsNIST.SP.80052r1.pdf[9]DSS P C I. Requirements and security assessment procedures[JOL]. PCI Security Standards Council, 2008 [20170606]. https:www.pcisecuritystandards.orgdocumentsPCI_DSS_v32.pdf[10]Centers for Disease Control and Prevention. HIPAA privacy rule and public health[JOL]. 2003 [20170606]. http:www.hhs.govhipaaforprofessionalsbreachnotific actionguidanceindex.html[11]Hodges J. Hows my SSL?[OL].[20170505]. https:www.howsmyssl.com[12]Mozilla. CipherScan[OL].[20170505]. https:github.commozillacipherscan[13]Somorovsky J. Systematic fuzzing and testing of TLS libraries[C] Proc of ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2016: 14921504[14]Risti I. SSLTLS Deployment Best Practices[OL]. 2016[20170505]. https:github.comssllabsresearchwikiSSLandTLSDeploymentBestPractices[15]Mell P, Scarfone K, Romanosky S. Common vulnerability scoring system[J]. IEEE Security and Privacy, 2006, 4(6): 8589[16]杜栋, 庞庆华. 现代综合评价方法与案例精选[M]. 北京: 清华大学出版社, 2005[17]树柏. 实用决策方法: 层次分析法原理[M]. 天津: 天津大学出版社, 1988