SSL/TLS 服务器瞬时 Diffie-Hellman 公共密钥过弱
作者:互联网
- 关于ssl配置可参考:https://ssl-config.mozilla.org/
TOMCAT
通过修改tomcat
配置文件conf/server.xml
,在端口下配置:
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_
CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_
128_CBC_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH
_3DES_EDE_CBC_SHA"
SpringBoot
修改Springboot
配置文件application.yml
server:
ssl:
enabled-protocols: TLSv1,TLSv1.1,TLSv1.2
ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
.end
标签:TLS,CBC,AES,Hellman,过弱,RSA,SHA,128 来源: https://www.cnblogs.com/zrxuexi/p/14763538.html