关于 SSL 部署在 IIS7.5 环境, SSL Server Test 检测为 F 的解决方案。
Joming · 2016-02-26 19:44:35 +08:00 · 2779 次点击这是一个创建于 3194 天前的主题,其中的信息可能已经有所发展或是发生改变。
IIS7.5 部署 SSL 以后检测为 F , Protocol Support 几乎为 0.
This server supports SSL 2, which is obsolete and insecure. Grade set to F.
This server uses SSL 3, which is obsolete and insecure. Grade capped to B.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C.
This server accepts RC4 cipher, but only with older protocol versions. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
求指导!!!
This server supports SSL 2, which is obsolete and insecure. Grade set to F.
This server uses SSL 3, which is obsolete and insecure. Grade capped to B.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C.
This server accepts RC4 cipher, but only with older protocol versions. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
求指导!!!
 |
1
matsuz 2016-04-15 10:36:57 +08:00 via Android
搜索一下关闭 ssl v2/v3 的方法。使用 TLS.
不要用 rc4/md5 。 我原来弄过几次, Win 配置这个挺复杂的,要改注册表 |
|
3
matsuz 2016-04-17 16:22:57 +08:00 via Android
@Joming 弄好就行。可能我看的是过时的资料吧, windows 这方面中文资料比较少, msdn 我也不大会用。不过我现在已经转 Linux 了
|
 |
4
Joming OP @matsuz 配置 A+很简单,我这里贴一下,下次用得上。打开 win2008 的控制台,找到本地计算机策略》计算机配置》管理模板》网络》 SSL 配置设置》双击 SSL 密码套件顺序》悬着已启用,然后选项下面填写 SSL 密码套件。注意不是在注释里面填写,我现在配置的 A+得分套件是: TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA
然后点击确定即可。重启一下 IIS ,然后再评测即可。 |
Select Language