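Yesterday I completed the PCI second-quarter ASV scan, which turned up a few issues, mainly that the SSL encryption on IHS is relatively weak:
1. The two issues reported by the PCI ASV scan:
(1) 38140 - SSL Server Supports Weak Encryption Vulnerability
(2) 38139 - SSL Server Has SSLv2 Enabled Vulnerability
2. The fix is to enable SSLv3 on IHS:
Modify the httpd.conf configuration and add the following: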
## SSLv3 128 bit Ciphers
SSLCipherSpec SSL_RSA_WITH_RC4_128_MD5
SSLCipherSpec SSL_RSA_WITH_RC4_128_SHA
## FIPS approved SSLV3 and TLSv1 128 bit AES Cipher
SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
## FIPS approved SSLV3 and TLSv1 256 bit AES Cipher
SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA
## Triple DES 168 bit Ciphers
## These can still be used, but only if the client does
## not support any of the ciphers listed above.
SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA
## The following block disables SSLv2.
SSLProtocolDisable SSLv2
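
To confirm before the next ASV scan that an httpd.conf actually matches the fragment above, a small audit script can be used. This is an added example, not part of the original post or of IBM's tooling; the function name `audit`, the sample `WEAK_SAMPLE` and its export cipher line are constructed for illustration, and the script assumes the single-argument `SSLCipherSpec` form shown above.

```python
import re

# The five cipher specs allowed by the post's httpd.conf fragment (taken from the page).
ALLOWED = {
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
}
# Comment lines start with '#', so they never match this pattern.
DIRECTIVE = re.compile(r"^\s*(SSLCipherSpec|SSLProtocolDisable)\s+(\S.*?)\s*$", re.I)

# Constructed sample: SSLv2 left enabled and one 40-bit export cipher configured.
WEAK_SAMPLE = """\
SSLEnable
SSLCipherSpec SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
"""

def audit(conf_text):
    """Return findings for an httpd.conf body; an empty list means it matches the post."""
    ciphers, disabled = [], set()
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        if m.group(1).lower() == "sslcipherspec":
            ciphers.append((lineno, m.group(2)))
        else:
            # SSLProtocolDisable: collect every protocol named on the line.
            disabled.update(p.lower() for p in m.group(2).split())
    findings = []
    if "sslv2" not in disabled:
        findings.append("SSLv2 not disabled (missing 'SSLProtocolDisable SSLv2')")
    if not ciphers:
        # Without explicit SSLCipherSpec lines the server's default list applies.
        findings.append("no SSLCipherSpec lines: server default cipher list applies")
    for lineno, cipher in ciphers:
        if cipher.upper() not in ALLOWED:
            findings.append(f"line {lineno}: cipher {cipher} is outside the post's list")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK_SAMPLE):
        print(finding)
```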
Reposted from: https://blog.51cto.com/168ok8/1243483