TLS
How to actually disable SSL3 on Ubuntu 14.04 LTS
I am running a server with tomcat7 and apache2 on it. From another remote host I issue the following command:
openssl s_client -connect my_site:443 -ssl3
This returns:
CONNECTED(00000003)
139773982140064:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1462854225
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
I want to disable SSLv3. How do I do that?
Add or update the following line in your configuration:
SSLProtocol all -SSLv2 -SSLv3
Then run:
sudo apache2ctl configtest && sudo service apache2 restart
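
Added example (not part of the original question or answer): a small shell check that reads `openssl s_client -ssl3` output and reports whether an SSLv3 session was actually negotiated, so the same probe can be rerun after the Apache restart. `classify_ssl3`, `check_host` and the two constructed samples are assumptions of this example; the first sample uses lines from the output shown in the question.

```shell
#!/bin/sh
# Added example: interpret `openssl s_client ... -ssl3` output read on stdin.
# Prints: negotiated | not-negotiated | inconclusive
classify_ssl3() {
    awk '
        # The "New, ..." summary line names the suite when a handshake completed.
        /^New, .*Cipher is / {
            if ($0 ~ /Cipher is \(NONE\)/) none = 1; else ok = 1
        }
        # Entries from the OpenSSL error queue (handshake-level failure).
        /:error:/ { err = 1 }
        END {
            if (ok)               print "negotiated"
            else if (none || err) print "not-negotiated"
            else                  print "inconclusive"   # e.g. TCP connect failed
        }'
}

# Hypothetical helper: probe a live host:port (needs an openssl build that accepts -ssl3).
check_host() {
    openssl s_client -connect "$1" -ssl3 </dev/null 2>&1 | classify_ssl3
}

# Lines taken from the output shown in the question.
PAGE_OUTPUT='CONNECTED(00000003)
139773982140064:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
New, (NONE), Cipher is (NONE)'

# Constructed sample: what a completed SSLv3 handshake summary looks like.
CONSTRUCTED_OK='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Protocol  : SSLv3'

# Constructed sample: the TCP connection itself failed, so nothing was tested.
CONSTRUCTED_REFUSED='connect: Connection refused
connect:errno=111'

for sample in "$PAGE_OUTPUT" "$CONSTRUCTED_OK" "$CONSTRUCTED_REFUSED"; do
    printf '%s\n' "$sample" | classify_ssl3
done
```

Against a live server, call `check_host my_site:443`; an `inconclusive` result means the probe never reached a handshake and says nothing about the SSLv3 setting.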