我需要在单个虚拟主机上禁用 TLS 1.0,LBL 的版本较旧(版本 9)。我该怎么做?
谢谢,洛伦佐
在 OPLON LBL Application Delivery Controller 中,您可以为所有侦听器或单个侦听器启用和禁用 SSL/TLS 协议和密码套件。
下面是单个侦听器的参数。如果设置了这些参数,则单个侦听器的参数将覆盖通用参数。
参数:SSLProtocols="TLSv1.1 TLSv1.2"
<!--
  Sample HTTPS listener with a per-listener protocol restriction.
  SSLProtocols lists only TLSv1.1 and TLSv1.2, so TLSv1.0 is not offered on
  this listener. According to the accompanying text, a value set on the
  listener overrides the general parameter.

  Review notes before reusing this sample:
  * TLSv1.1 was deprecated together with TLSv1.0 (RFC 8996). Keep it only if
    legacy clients still require it.
  * cipherSuites still contains CBC-mode suites with SHA-1 MACs and DHE_DSS
    suites. Prefer the ECDHE + AES-GCM entries where the client population
    allows it.
  * needClientAuthentication="true" is combined with
    trustAllCertificates="true" and checkClientCertificateValidity="false".
    NOTE(review): presumably any client certificate would then be accepted.
    Confirm against the product documentation and point the listener at a
    real trust store.
  * aliasPassword, keyStorePassword and trustKeyStorePassword carry sample
    values. Replace them and keep the file readable only by the service
    account.
  * SSLContextVersion="SSLv3". NOTE(review): it is not visible here whether
    this only names the SSL context or can also enable SSLv3. After the
    change, verify with a TLS scanner or `openssl s_client -tls1` that
    handshakes below TLSv1.1 are refused.
-->
<bind enable="true"
      description="Sample HTTPS listener"
      listenType="NAT"
      address="192.168.56.17 192.168.178.70"
      port="443"
      SSL="true"
      SSLSNI="false"
      SSLSNIDefaultCertificateEnable="false"
      SSLContextVersion="SSLv3"
      SSLUseCipherSuitesOrder="true"
      aliasPassword="defaultpwd"
      certificateURIPath="serverkeys"
      certificateURL=""
      checkClientCertificateValidity="false"
      SSLProtocols="TLSv1.1 TLSv1.2"
      cipherSuites="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_SHA256 TLS_ECDHE_RSA_WITH_AES_128_SHA TLS_ECDHE_ECDSA_WITH_AES_128_SHA TLS_ECDHE_RSA_WITH_AES_256_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_SHA384 TLS_ECDHE_RSA_WITH_AES_256_SHA TLS_ECDHE_ECDSA_WITH_AES_256_SHA TLS_DHE_RSA_WITH_AES_128_SHA256 TLS_DHE_RSA_WITH_AES_128_SHA TLS_DHE_DSS_WITH_AES_128_SHA256 TLS_DHE_RSA_WITH_AES_256_SHA256 TLS_DHE_DSS_WITH_AES_256_SHA"
      enableVirtualDomain="true"
      endPointsGrouping="http_https"
      forwardClientCertificateChainDepth="1"
      forwardClientCertificateToEndpoint="false"
      forwardClientPemCertificateToEndpoint="false"
      keyStore="JKS"
      keyManagerFactory="SunX509"
      keyStorePassword="defaultpwd"
      needClientAuthentication="true"
      osiLayer="7"
      portForwarding="false"
      sslSessionCacheSize="0"
      sslSessionCacheTimeout="86400"
      transport="tcp"
      trustAllCertificates="true"
      trustCertificateURIPath="trustStore.jks"
      trustKeyStore="JKS"
      trustKeyStorePassword="test"
      xForwardedFor="true"/>
下面是适用于所有侦听器的通用参数:
参数:SSLProtocolsListeners="TLSv1.1 TLSv1.2"
<!--
  General parameters that apply to every listener.
  SSLProtocolsListeners limits the offered protocols to TLSv1.1 and TLSv1.2,
  so TLSv1.0 is dropped for all listeners. According to the accompanying
  text, a listener that sets its own SSLProtocols overrides this value.

  Review notes before reusing this sample:
  * TLSv1.1 was deprecated together with TLSv1.0 (RFC 8996). Keep it only if
    legacy clients still require it.
  * cipherSuitesListeners still contains CBC-mode suites with SHA-1 MACs and
    DHE_DSS suites. Prefer the ECDHE + AES-GCM entries where clients allow it.
  * dosAttackPrevention is "false" in this sample. NOTE(review): confirm that
    this is intended for the deployment.
  * After changing the protocol list, check each listener with a TLS scanner
    or `openssl s_client -tls1` to confirm TLSv1.0 handshakes are refused.
-->
<params
    SSLProtocolsListeners="TLSv1.1 TLSv1.2"
    cipherSuitesListeners="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_SHA256 TLS_ECDHE_RSA_WITH_AES_128_SHA TLS_ECDHE_ECDSA_WITH_AES_128_SHA TLS_ECDHE_RSA_WITH_AES_256_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_SHA384 TLS_ECDHE_RSA_WITH_AES_256_SHA TLS_ECDHE_ECDSA_WITH_AES_256_SHA TLS_DHE_RSA_WITH_AES_128_SHA256 TLS_DHE_RSA_WITH_AES_128_SHA TLS_DHE_DSS_WITH_AES_128_SHA256 TLS_DHE_RSA_WITH_AES_256_SHA256 TLS_DHE_DSS_WITH_AES_256_SHA"
    clientH2Bridge="false"
    clientSSLUseCipherSuitesOrder="true"
    concurrentSessions="-1"
    dosAttackPrevention="false"
    dosAttackPreventionOnlyClose="false"
    endPointSSLUseCipherSuitesOrder="true"
    maxConcurrentSessions="-1">
</params>