我有一个PHP应用程序运行在Apache 2.4在Windows服务器上。业务安全问题之一是禁用SSL - RC4密码支持。
我在httpd.conf中添加了这些行:
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
但是这个问题还是不断出现。
我需要在操作系统中做些什么来禁用这个密码吗?谢谢!
我们一直在Windows上禁用SSL3和RC4过滤器。将以下代码保存为DisableSSLv3AndRC4。然后双击它
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Protocols'SSL 3.0]
[HKEY_LOCAL_MACHINE'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Protocols'SSL 3.0'Client]
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Protocols'SSL 3.0'Server]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Ciphers'RC4 128/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Ciphers'RC4 40/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Ciphers'RC4 56/128]
"Enabled"=dword:00000000
之后可以使用https://www.ssllabs.com/
您应该将您的3行放入<VirtualHost>
部分以及其他ssl特定配置密钥,如"SSLEngine", SSLCertificateFile