windows系统SSL/TLS漏洞修复
作者:互联网
SSL/TLS协议信息泄露漏洞(CVE-2016-2183)
DES/3DES Ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
SSL/TLS 受诫礼(BAR-MITZVAH)攻击漏洞(CVE-2015-2808)
RC4 Ciphers:
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
SSL/TLS RC4 信息泄露漏洞(CVE-2013-2566)
RC4 Ciphers:
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
解决
安全扫描报告说明以上加密算法都是不安全,只需将对应加密码算法套件禁用即可。
windows系统修改组策略中SSL密码套件顺序:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA
查询加密算法是否安全
https://ciphersuite.info/search/?q=_RSA_WITH_RC4_128_SHA
参考
https://www.cnblogs.com/jianshuai520/p/14333483.html
标签:TLS,CBC,AES,windows,RSA,SSL,128,ECDHE 来源: https://www.cnblogs.com/bugbeta/p/15169461.html