我需要不支持 TLSv1 和 RC4-SHA
所以我的 ssl.conf 中有这些行
SSLProtocol +TLSv1.2 +TLSv1.1 -TLSv1
SSLCompression off
SSLHonorCipherOrder on
SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA"
我正在使用此命令检查是否仍支持 RC4 和 TLSv1
sslscan --no-failed xxx.xxx.xxx.xxx:1337
sslscan 给了我这个结果:
Supported Server Cipher(s):
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 256 bits CAMELLIA256-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 128 bits CAMELLIA128-SHA
Accepted TLSv1 128 bits DES-CBC3-SHA
**Accepted TLSv1 128 bits RC4-SHA**
Accepted TLS11 256 bits AES256-SHA
Accepted TLS11 256 bits CAMELLIA256-SHA
Accepted TLS11 128 bits AES128-SHA
Accepted TLS11 128 bits CAMELLIA128-SHA
Accepted TLS11 128 bits DES-CBC3-SHA
**Accepted TLS11 128 bits RC4-SHA**
Accepted TLS12 256 bits AES256-GCM-SHA384
Accepted TLS12 256 bits AES256-SHA256
Accepted TLS12 256 bits AES256-SHA
Accepted TLS12 256 bits CAMELLIA256-SHA
Accepted TLS12 128 bits AES128-GCM-SHA256
Accepted TLS12 128 bits AES128-SHA256
Accepted TLS12 128 bits AES128-SHA
Accepted TLS12 128 bits CAMELLIA128-SHA
Accepted TLS12 128 bits DES-CBC3-SHA
**Accepted TLS12 128 bits RC4-SHA**
显然 RC4-SHA 仍然被接受,我试图将其配置为不支持任何 RC4 和 TLSv1。有没有办法解决这个问题。
谢谢