Tls

如何在 ubuntu 14.04 LTS 上實際禁用 SSL3

  • May 10, 2016

我正在執行一個伺服器,上面有 tomcat7 和 apache2。我通過另一個遠端主機發出以下命令:

openssl s_client -connect my_site:443 -ssl3

這將返回:

CONNECTED(00000003)
139773982140064:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
   Protocol  : SSLv3
   Cipher    : 0000
   Session-ID: 
   Session-ID-ctx: 
   Master-Key: 
   Key-Arg   : None
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   Start Time: 1462854225
   Timeout   : 7200 (sec)
   Verify return code: 0 (ok)
---

我想禁用 SSLv3,我該怎麼做?

在您的配置中添加或更新以下行:

SSLProtocol all -SSLv2 -SSLv3

然後執行:sudo apache2ctl configtest && sudo service apache2 restart

引用自:https://serverfault.com/questions/775790