Nessus scan keeps finding EDH-RSA-DES-CBC3-SHA enabled even though it is disabled in SSLCipherSuite

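I am a complete novice when it comes to server security, but I will do my best to explain my problem correctly.

I am trying to disable the EDH-RSA-DES-CBC3-SHA cipher suite on my Mac server, where Apache terminates TLS, in order to pass a Nessus scan. I have been able to pass every check except this one, which keeps failing. I have looked around and cannot seem to find an answer to this problem. My server's conf file is below. This is what I arrived at by looking at different blogs, but it does not seem to work.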

Library/Server/Web/Config/apache2/sites/0000_any_443_www.mySite.com.conf

<VirtualHost 127.0.0.1:34580>
ServerName http://mysitte.com:80
ServerAdmin [email protected]
DocumentRoot "/Library/Server/Web/Data/Sites/Default/myfoler"
DirectoryIndex index.html index.php default.html
CustomLog /var/log/apache2/access_log combinedvhost
ErrorLog /var/log/apache2/error_log
<IfModule mod_ssl.c>
    SSLEngine Off
    SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
    SSLProtocol -all +TLSv1.1 +TLSv1.2
    SSLProxyEngine On
    SSLProxyProtocol -all +TLSv1.1 +TLSv1.2
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
</IfModule>
<Directory "/Library/Server/Web/Data/Sites/Default/myfolder">
    Options All -Indexes -ExecCGI -Includes +MultiViews
    AllowOverride None
    <IfModule mod_dav.c>
        DAV Off
    </IfModule>
    <IfDefine !WEBSERVICE_ON>
        Require all denied
        ErrorDocument 403 /customerror/websitesoff403.html
    </IfDefine>
</Directory>

When I run the test:

Testing ECDHE-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing SRP-DSS-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing SRP-RSA-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing SRP-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing EDH-RSA-DES-CBC3-SHA...YES !!!!!!!!!!!!(This is failing)
Testing EDH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC3-SHA...YES
Testing PSK-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing ECDHE-RSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-SHA256...NO (sslv3 alert handshake failure)
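
A way to automate the comparison between the test output and the SSLCipherSuite value, as an added example that is not part of the original post: it parses output in the format shown above and reports, for each accepted 3DES suite, whether the cipher string removes it with "!", lists it by name, or never names it. The function names are hypothetical, the sample output is constructed, and only exact suite names are matched (keywords such as AES or !DES are not expanded).

```python
import re

# Constructed sample in the format of the test output shown in the question.
SCAN_OUTPUT = """\
Testing ECDHE-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing PSK-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing EDH-RSA-DES-CBC3-SHA...YES
Testing DES-CBC3-SHA...YES
"""

# Shortened copy of the SSLCipherSuite value from the question (tokens unchanged).
CIPHER_STRING = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA:AES:CAMELLIA:"
                 "DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:"
                 "!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA")

LINE_RE = re.compile(r"^Testing (\S+?)\.\.\.(YES|NO)\b\s*(?:.*\((.*)\))?")

def parse_scan(text):
    """Return {suite: (accepted, reason)} for every 'Testing ...' line."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            results[m.group(1)] = (m.group(2) == "YES", m.group(3) or "")
    return results

def split_cipher_string(value):
    """Split a cipher string into plainly listed tokens and '!'-removed tokens."""
    listed, removed = set(), set()
    for token in re.split(r"[:, ]+", value.strip('"')):
        if token.startswith("!"):
            removed.add(token[1:])
        elif token and token[0] not in "+-@":
            listed.add(token)
    return listed, removed

def accepted_3des(scan_text, cipher_string):
    """Map each accepted 3DES suite to how the cipher string names it."""
    listed, removed = split_cipher_string(cipher_string)
    report = {}
    for suite, (accepted, _) in parse_scan(scan_text).items():
        if accepted and ("DES-CBC3" in suite or "3DES" in suite):
            report[suite] = ("removed" if suite in removed
                             else "listed" if suite in listed else "unnamed")
    return report

if __name__ == "__main__":
    for suite, status in accepted_3des(SCAN_OUTPUT, CIPHER_STRING).items():
        print(f"{suite}: accepted by the server, {status} in SSLCipherSuite")
```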
