仍然是 UBUNTU 的新手,如果它是一個愚蠢的,請原諒。我在 Askubuntu 上發布了這個問題,但有人建議將其發佈在 superuser.com 上
我被要求停止支援 TLS1.0 密碼。谷歌搜尋並發現將以下行新增至 ssl.conf 可以從 httpd 中刪除 TLS1.0 :
SSLProtocol all -TLSv1
kali linux 上有一個“sslscan”,我用它來掃描連接埠 443 的 ip,以列出該 ip 支援的密碼。
現在,在刪除 TLS1.0 密碼之前,SSLSCAN 可以正常運作並給出正確的結果,如下所示:
TLS renegotiation:
Session renegotiation not supported
TLS Compression:
Compression disabled
Heartbleed:
TLS 1.0 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.2 not vulnerable to heartbleed
Supported Server Cipher(s):
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 1024 bits
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 1024 bits
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 1024 bits
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred Server Cipher(s):
TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
SSL Certificate:
"SSL Certificate details , I think is confidential to my organization so not sharing it"
刪除 TLS1.0 CIPHERS SSLSCAN 結果如下:
TLS renegotiation:
Session renegotiation not supported
TLS Compression:
Compression disabled
Heartbleed:
TLS 1.0 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.2 not vulnerable to heartbleed
Supported Server Cipher(s):
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred Server Cipher(s):
TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Failed to connect to get certificate.
為什麼刪除 TLS1.0 密碼後,sslscan 無法連線以取得憑證?我是否錯誤地刪除了 TLS1.0?如果是,停用/刪除 TLS1.0 密碼的正確方法是什麼?還是正常的? sslscan 是否僅使用 TLS1.0 來掃描我已停用的連接埠 443 的 IP,即無法取得憑證?
如果有人想在 Askubuntu 上查看這個問題,請點擊以下連結:https://askubuntu.com/questions/819568/sslscan-not-getting-execulated-properly-after-removing-tls1-0