- Mark Chang
- 0°C
- 6 年又 97 天
Weak SSL Cipher在Apache中禁用過時的SSL / TLS版本
使用vi(或vim)編輯ssl.conf (通常位於/etc/httpd/conf.d/底下)查詢SSL Protocol support
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2 -SSLv3註解掉SSLProtocol all -SSLv2 -SSLv3
添加
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1往下拉底下SSL Cipher Suite部分也一併處理
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA註解掉SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
添加
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder on最後~保存文件並重新啟動Apache
以上紀錄
https://innstory.com/story-WeakSSLCipher在Apache中禁用過時的SSLTLS版本-2097
