{"id":107,"date":"2019-04-19T12:02:23","date_gmt":"2019-04-19T04:02:23","guid":{"rendered":"https:\/\/cloudbool.com\/archive\/?p=107"},"modified":"2019-04-19T12:02:23","modified_gmt":"2019-04-19T04:02:23","slug":"tls-1-3-issues","status":"publish","type":"post","link":"https:\/\/cloudbool.com\/archive\/tls-1-3-issues.html","title":{"rendered":"\u4f7f\u7528TLS 1.3\u9047\u5230\u7684\u51e0\u4e2a\u95ee\u9898"},"content":{"rendered":"

\u624b\u5934\u4e0a\u6709\u53f0\u670d\u52a1\u5668\uff0c\u60f3\u4f7f\u7528TLS 1.3\uff0c\u914d\u7f6e\u597d\u4e86Nginx\uff0c\u6d4f\u89c8\u5668\u4e5f\u5347\u7ea7\u5230\u4e86\u6700\u65b0\u7248\u672c\uff0c\u4f46\u662f\u4e00\u76f4\u65e0\u6cd5\u4f7f\u7528TLS 1.3\u4f5c\u4e3a\u9ed8\u8ba4TLS\u7248\u672c\uff0c\u524d\u524d\u540e\u540e\u82b1\u4e86\u70b9\u65f6\u95f4\u89e3\u51b3\uff0c\u89e3\u51b3\u7684\u540c\u65f6\u4e5f\u4e86\u89e3\u4e86\u4e0b\u76f8\u5173\u7684\u77e5\u8bc6\uff0c\u8fd9\u91cc\u8bb0\u5f55\u4e00\u4e0b\u3002
\n<\/p>\n

\u65e0\u6cd5\u4f7f\u7528TLS 1.3\u534f\u8bae<\/h2>\n

\u6839\u636e\u53d1\u884c\u65e5\u5fd7\uff0cNginx\u81ea\u4ece1.13\u5f00\u59cb\u5c31\u652f\u6301Nginx 1.13\uff0c\u4f46\u662f\u6211\u670d\u52a1\u5668\u4e0a\u5b89\u88c5\u4e86Nginx 1.14.2\u7248\u672c\uff0c\u914d\u7f6e\u6587\u4ef6\u4e5f\u5f00\u542f\u4e86TLSv1.3\uff0c\u4f46\u662f\u5728\u6700\u65b0\u7248\u7684Chrome\u7684Security\u9009\u9879\u5361\u754c\u9762\u8fd8\u662f\u663e\u793a\u4f7f\u7528\u7684\u662fTLS 1.2\uff0c\u5982\u4e0b\uff1a
\n\"chrome-security-tls1.2-tls1.3\"
\n\u5176\u4e2d\u6709\u4e00\u6bb5\u5185\u5bb9\uff1a<\/p>\n

\n The connection to this site is encrypted and authenticated using TLS 1.2, ECDHE_RSA with X25519, and AES_128_GCM.\n<\/p><\/blockquote>\n

\u8bf4\u660e\u8fd8\u662f\u4f7f\u7528\u7684TLS 1.2\uff0c\u4f46\u662f\u6211Nginx\u914d\u7f6e\u6587\u4ef6\u660e\u660e\u662f\u542f\u7528\u4e86TLS 1.3\uff0c\u914d\u7f6e\u5982\u4e0b\uff1a<\/p>\n

        ssl on;\n        ssl_certificate \/path\/ssl\/cloudbool-ecc.crt;\n        ssl_certificate_key \/path\/ssl\/cloudbool-ecc.key;\n        ssl_session_cache        shared:SSL:10m;\n        ssl_session_timeout      10m;\n        ssl_session_tickets      on;\n        resolver                 119.29.29.29 223.5.5.5  valid=5s;\n        resolver_timeout         10s;\n        ssl_session_cache builtin:1000 shared:SSL:10m;\n        ssl_dhparam \/path\/ssl\/dhparam.pem;\n        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n        ssl_stapling on;\n        ssl_stapling_verify on;\n        add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains\" always;\n<\/code><\/pre>\n
\u767e\u601d\u4e0d\u5f97\u5176\u89e3\u7684\u65f6\u5019\uff0c\u7ffb\u4e86\u4e0bOpenSSL\u7684\u6587\u6863\uff0c\u4ecb\u7ecdTLS 1.3\u7684\u6587\u6863<\/a>\u6709\u53e5\u8bdd\u5982\u4e0b\uff1a<\/p>\n
\n  The OpenSSL git master branch (and the 1.1.1-pre9 beta version) contain our development TLSv1.3 code which is based on the final version of RFC8446 and can be used for testing purposes\n<\/p><\/blockquote>\n
\u610f\u601d\u662f\uff0c\u4ece1.1.1-pre9\u7248\u624d\u5305\u542bTLS 1.3\u6700\u7ec8\u7248\u76f8\u5173\u7684\u5f00\u53d1\u4ee3\u7801\uff0c\u90a3\u5982\u679c\u8981\u5f00\u542fTLS 1.3\uff0c\u90a3\u7f16\u8bd1Nginx\u65f6\u4f7f\u7528\u7684OpenSSL\u7248\u672c\u5fc5\u987b\u662f1.1.1-pre9\u7248\u672c\u4e4b\u540e\u7684\u4e86\uff0c\u67e5\u770bNginx\u7684\u7f16\u8bd1\u4fe1\u606f\uff1a<\/p>\n
root@cloudbool:~# nginx -V\nnginx version: nginx\/1.14.2\nbuilt by gcc 6.3.0 20170516 (Debian 6.3.0-18+deb9u1)\nbuilt with OpenSSL 1.1.0j  20 Nov 2018\nTLS SNI support enabled\nconfigure arguments: --prefix=\/etc\/nginx --sbin-path=\/usr\/sbin\/nginx --modules-path=\/usr\/lib\/nginx\/modules --conf-path=\/etc\/nginx\/nginx.conf --error-log-path=\/var\/log\/nginx\/error.log --http-log-path=\/var\/log\/nginx\/access.log --pid-path=\/var\/run\/nginx.pid --lock-path=\/var\/run\/nginx.lock --http-client-body-temp-path=\/var\/cache\/nginx\/client_temp --http-proxy-temp-path=\/var\/cache\/nginx\/proxy_temp --http-fastcgi-temp-path=\/var\/cache\/nginx\/fastcgi_temp --http-uwsgi-temp-path=\/var\/cache\/nginx\/uwsgi_temp --http-scgi-temp-path=\/var\/cache\/nginx\/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=\/root\/new\/nginx_rebulid\/nginx-1.14.2=. -specs=\/usr\/share\/dpkg\/no-pie-compile.specs -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC -Wno-error' --with-ld-opt='-specs=\/usr\/share\/dpkg\/no-pie-link.specs -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' --add-module=\/usr\/local\/src\/ngx_http_google_filter_module --add-module=\/usr\/local\/src\/ngx_http_substitutions_filter_module --add-module=\/usr\/local\/src\/ngx_cache_purge\n<\/code><\/pre>\n
\u770b\u6765\u95ee\u9898\u5c31\u662f\u51fa\u5728OpenSSL\u7248\u672c\u4e0a\uff0c\u8fd9\u53f0\u670d\u52a1\u5668\u6240\u4f7f\u7528\u7684Nginx\u7684openssl\u7248\u672c\u8fd8\u662f1.1.0\uff0c\u6240\u4ee5\u9ed8\u8ba4\u5728chrome\u4e0b\u4e0d\u4f1a\u542f\u7528TLS 1.3\u8fdb\u884c\u8fde\u63a5\u3002\u89e3\u51b3\u529e\u6cd5\u4e5f\u5f88\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5347\u7ea7\u4e0bOpenSSL\u7684\u7248\u672c\u5462\u5e76\u91cd\u65b0\u7f16\u8bd1\u4e00\u4e0bNginx\u5c31\u884c\u3002
\n\u5347\u7ea7OpenSSL\u4e4b\u540e\uff0c\u91cd\u65b0\u7528Chrome\u6253\u5f00\u53d1\u73b0\u6210\u529f\u542f\u7528\u4e86TLS 1.3\uff0c\u5982\u56fe\u6240\u793a\uff1a
\n\"\"
\n\u89e3\u51b3\u95ee\u9898\u7684\u8fc7\u7a0b\u4e2d\uff0c\u4e86\u89e3\u5230\u5176\u5b9e\u9664\u4e86\u6d4f\u89c8\u5668\uff0c\u6211\u4eec\u4e5f\u53ef\u4ee5\u4f7f\u7528curl\u548copenssl\u5bf9\u670d\u52a1\u5668\u8fdb\u884cTLS 1.3\u901a\u4fe1\uff0c\u4e0b\u9762\u662f\u4e00\u4e9b\u76f8\u5173\u547d\u4ee4\u3002<\/p>\n
curl\u4f7f\u7528TLS 1.3<\/h2>\n
\u6839\u636ecurl\u4f5c\u8005\u7684\u4e00\u7bc7\u5173\u4e8eTLS 1.3\u7684\u535a\u5ba2<\/a>\uff0ccurl\u4ece7.54.0\u7248\u672c\u5f00\u59cb\u652f\u6301\u4f7f\u7528TLS1.3\u8fdb\u884c\u8bf7\u6c42\uff0c\u4f46\u662f\u6211\u5728macOS\u4f7f\u7528brew\u5b89\u88c5\u7684curl\u8fdb\u884cTLS 1.3\u8bf7\u6c42\u65f6\uff0ccurl\u62a5\u9519\u5982\u4e0b\uff1a<\/p>\n
\u279c  ~ curl -Ivvv --tlsv1.3 https:\/\/cloudbool.com\ncurl: (4) LibreSSL was built without TLS 1.3 support\n<\/code><\/pre>\n
\u800c\u5728Deiban 9\u4e0b\u7684\u60c5\u51b5\u662f\uff1a<\/p>\n
zoco@DebianLocal:~$ curl --tlsv1.3 https:\/\/cloudbool.com\ncurl: (4) OpenSSL was built without TLS 1.3 support\nzoco@DebianLocal:~$ curl -V\ncurl 7.52.1 (x86_64-pc-linux-gnu) libcurl\/7.52.1 OpenSSL\/1.0.2r zlib\/1.2.8 libidn2\/0.16 libpsl\/0.17.0 (+libidn2\/0.16) libssh2\/1.7.0 nghttp2\/1.18.1 librtmp\/2.3\nProtocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp\nFeatures: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL\n<\/code><\/pre>\n
\u4e3a\u4e86\u65b9\u4fbf\uff0c\u6211\u662f\u76f4\u63a5\u4f7f\u7528\u4e86Debian 10\u7cfb\u7edf\u4e0b\u5b89\u88c5\u7684curl\uff0c\u7ed3\u679c\u5982\u4e0b\uff1a<\/p>\n
zoco@Debian10:~$ curl --tlsv1.3 -Ivvv https:\/\/cloudbool.com\n...\n*   Trying 111.231.xxx.xxx...\n* TCP_NODELAY set\n* Expire in 200 ms for 4 (transfer 0x55d6f358cdd0)\n* Connected to cloudbool.com (111.231.xxx.xxx) port 443 (#0)\n* ALPN, offering h2\n* ALPN, offering http\/1.1\n* successfully set certificate verify locations:\n*   CAfile: none\n  CApath: \/etc\/ssl\/certs\n* TLSv1.3 (OUT), TLS handshake, Client hello (1):\n* TLSv1.3 (IN), TLS handshake, Server hello (2):\n* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):\n* TLSv1.3 (IN), TLS handshake, Certificate (11):\n* TLSv1.3 (IN), TLS handshake, CERT verify (15):\n* TLSv1.3 (IN), TLS handshake, Finished (20):\n* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):\n* TLSv1.3 (OUT), TLS handshake, Finished (20):\n* SSL connection using TLSv1.3 \/ TLS_AES_256_GCM_SHA384\n* ALPN, server accepted to use h2\n* Server certificate:\n*  subject: OU=Domain Control Validated; OU=PositiveSSL; CN=cloudbool.com\n*  start date: Mar 20 00:00:00 2019 GMT\n*  expire date: Mar 19 23:59:59 2020 GMT\n*  subjectAltName: host \"cloudbool.com\" matched cert's \"cloudbool.com\"\n*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo ECC Domain Validation Secure Server CA\n*  SSL certificate verify ok.\n* Using HTTP2, server supports multi-use\n* Connection state changed (HTTP\/2 confirmed)\n* Copying HTTP\/2 data in stream buffer to connection buffer after upgrade: len=0\n* Using Stream ID: 1 (easy handle 0x55d6f358cdd0)\n> HEAD \/ HTTP\/2\n> Host: cloudbool.com\n> User-Agent: curl\/7.64.0\n> Accept: *\/*\n>\n* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):\n* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):\n* old SSL session ID is stale, removing\n* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!\n< HTTP\/2 200\nHTTP\/2 200\n< server: nginx\nserver: nginx\n< date: Fri, 19 Apr 2019 03:53:09 GMT\ndate: Fri, 19 Apr 2019 03:53:09 GMT\n< content-type: text\/html; charset=UTF-8\ncontent-type: text\/html; charset=UTF-8\n< vary: Accept-Encoding, Cookie\nvary: Accept-Encoding, Cookie\n< cache-control: max-age=3, must-revalidate\ncache-control: max-age=3, must-revalidate\n< strict-transport-security: max-age=63072000; includeSubDomains; preload\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\n<\n* Connection #0 to host cloudbool.com left intact\n<\/code><\/pre>\n
\u5982\u679c\u9700\u8981\u6307\u5b9acipher\uff0c\u53ef\u4ee5\u52a0\u4e0a–ciphers<\/strong>\u53c2\u6570\u6216\u8005–tls13-ciphers<\/strong>\u3002
\n\u7ecf\u8fc7\u6211\u7684\u5b9e\u9645\u6d4b\u8bd5\uff0c\u5982\u679ccurl\u652f\u6301TLS 1.3\uff0c\u9ed8\u8ba4\u5c31\u662f\u4f7f\u7528TLS1.3\u8fdb\u884c\u8bf7\u6c42\u3002<\/p>\n
OpenSSL\u4f7f\u7528TLS 1.3\u8fdb\u884c\u8bf7\u6c42<\/h2>\n
\u9664\u4e86\u4f7f\u7528curl\uff0c\u5176\u5b9e\u4f7f\u7528OpenSSL\u4e5f\u662f\u53ef\u4ee5\u76f4\u63a5\u53d1\u8d77TLS1.3\u8bf7\u6c42\u7684\uff0c\u547d\u4ee4\u683c\u5f0f\u5982\u4e0b\uff1a<\/p>\n
\n  openssl s_client ip:port [-cipher ‘cipher_name’]\n<\/p><\/blockquote>\n
\u4e3e\u4f8b\u5982\u4e0b\uff1a<\/p>\n
zoco@Debian10:~$ openssl s_client cloudbool.com:443\nCONNECTED(00000003)\ndepth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust ECC Certification Authority\nverify return:1\ndepth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo ECC Domain Validation Secure Server CA\nverify return:1\ndepth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = cloudbool.com\nverify return:1\n...\n---\nNo client certificate CA names sent\nPeer signing digest: SHA256\nPeer signature type: ECDSA\nServer Temp Key: X25519, 253 bits\n---\nSSL handshake has read 2451 bytes and written 384 bytes\nVerification: OK\n---\nNew, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384\nServer public key is 256 bit\nSecure Renegotiation IS NOT supported\nCompression: NONE\nExpansion: NONE\nNo ALPN negotiated\nEarly data was not sent\nVerify return code: 0 (ok)\n---\n---\nPost-Handshake New Session Ticket arrived:\nSSL-Session:\n    Protocol  : TLSv1.3\n    Cipher    : TLS_AES_256_GCM_SHA384\n    Session-ID: 6DBC42697BE57168F47532E8116A0222C44B21D8C00B5AAFD90E5DE7940DFBB8\n    Session-ID-ctx:\n    Resumption PSK: B8107D92D2CDC418FEAC15BA3F7482A0F4087FFB1239E3C89C1CCE00378D8E3A3BF764F5A45709536066B8C33E13A957\n    PSK identity: None\n    PSK identity hint: None\n    SRP username: None\n    TLS session ticket lifetime hint: 600 (seconds)\n    TLS session ticket:\n...\n    Start Time: 1555646308\n    Timeout   : 7200 (sec)\n    Verify return code: 0 (ok)\n    Extended master secret: no\n    Max Early Data: 0\n---\nread R BLOCK\n---\nPost-Handshake New Session Ticket arrived:\nSSL-Session:\n    Protocol  : TLSv1.3\n    Cipher    : TLS_AES_256_GCM_SHA384\n    Session-ID: 4A3B6BA3FCBEFB6E180F441FDF0E58DB9BDC621621915411AAE5D78947B16A3F\n    Session-ID-ctx:\n    Resumption PSK: 3CFA3B3D78D7EC579E5C5A21BE5E4531DF4FF5ACDD70E95DCF821775A069742FCF0CA679029F89C838594AC10249FCBC\n    PSK identity: None\n    PSK identity hint: None\n    SRP username: None\n    TLS session ticket lifetime hint: 600 (seconds)\n    TLS session ticket:\n...\n    Start Time: 1555646308\n    Timeout   : 7200 (sec)\n    Verify return code: 0 (ok)\n    Extended master secret: no\n    Max Early Data: 0\n---\nread R BLOCK\nr\nHTTP\/1.1 400 Bad Request\nServer: nginx\nDate: Fri, 19 Apr 2019 03:58:32 GMT\nContent-Type: text\/html\nContent-Length: 166\nConnection: close\nStrict-Transport-Security: max-age=63072000; includeSubDomains; preload\n<html>\n<head><title>400 Bad Request<\/title><\/head>\n<body bgcolor=\"white\">\n<center><h1>400 Bad Request<\/h1><\/center>\n<hr><center>nginx<\/center>\n<\/body>\n<\/html>\nread:errno=0\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
\u624b\u5934\u4e0a\u6709\u53f0\u670d\u52a1\u5668\uff0c\u60f3\u4f7f\u7528TLS 1.3\uff0c\u914d\u7f6e\u597d\u4e86Nginx\uff0c\u6d4f\u89c8\u5668\u4e5f\u5347\u7ea7\u5230\u4e86\u6700\u65b0\u7248\u672c\uff0c\u4f46\u662f\u4e00\u76f4\u65e0\u6cd5\u4f7f\u7528TLS  …<\/p>\n
  \u4f7f\u7528TLS 1.3\u9047\u5230\u7684\u51e0\u4e2a\u95ee\u9898<\/span> \u67e5\u770b\u5168\u6587 »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"categories":[138],"tags":[152,76,163,168],"class_list":["post-107","post","type-post","status-publish","format-standard","hentry","category-share","tag-curl","tag-nginx","tag-openssl","tag-tls-1-3"],"_links":{"self":[{"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/posts\/107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/comments?post=107"}],"version-history":[{"count":0,"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/posts\/107\/revisions"}],"wp:attachment":[{"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/media?parent=107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/categories?post=107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/tags?post=107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}