How to protect against SSL V3.0 vulnerabilities

2025-03-29 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

We have just learned about the SSLv3 POODLE attack from OpenSSL's official website. Please pay attention to it. For more information, see https://www.openssl.org/~bodo/ssl-poodle.pdf

This vulnerability affects all versions of SSLv3. By exploiting it, an attacker can obtain transmitted data (such as cookies) through a man-in-the-middle attack or similar methods, as long as both ends of the hijacked encrypted connection use SSL 3.0. As of this post, no patches have been released.

WoSign recommends that you turn off client-side SSLv3 support, or turn off server SSLv3 support, or both.

Turn off server SSLv3 support:

Nginx:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;

ssl_session_timeout 5m;

ssl_session_cache builtin:1000 shared:SSL:10m;

Apache:

SSLProtocol all -SSLv2 -SSLv3

SSLHonorCipherOrder on

SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!MD5:!DSS
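
The server-side settings above can be checked mechanically before a reload. The following is an added example, not code from the original article or from WoSign: a small Python audit that reads nginx or Apache configuration text and reports every ssl_protocols / SSLProtocol line that still enables SSLv3 or contains a malformed token. The function names, the sample configs, and the handling of Apache's "all" and of bare protocol names are assumptions of this example.

```python
import re

# Protocol names accepted by nginx ssl_protocols / Apache SSLProtocol (lower-cased).
KNOWN = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.IGNORECASE)

def protocols_enabled(is_apache, tokens):
    """Return the set of protocols a directive's arguments enable.

    Model used by this example: nginx takes a plain list of names; Apache
    tokens may carry +/- and "all" stands for every protocol, SSLv3 included
    (assumption; builds without SSLv3 support differ). Bare Apache names are
    treated as additive, which errs toward flagging.
    """
    enabled = set()
    for tok in tokens:
        remove = tok.startswith("-")
        name = tok.lstrip("+-").lower()
        if not is_apache and (tok[0] in "+-" or name == "all"):
            raise ValueError(f"not valid for ssl_protocols: {tok!r}")
        if name != "all" and name not in KNOWN:
            raise ValueError(f"unknown protocol token {tok!r}")
        names = KNOWN if name == "all" else {name}
        enabled = enabled - names if remove else enabled | names
    return enabled

def audit(conf_text):
    """Return (line_number, directive, verdict) for each protocol directive."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        is_apache = m.group(1).lower() == "sslprotocol"
        try:
            enabled = protocols_enabled(is_apache, m.group(2).split())
            verdict = "SSLV3_ENABLED" if "sslv3" in enabled else "ok"
        except ValueError as exc:
            verdict = f"INVALID ({exc})"
        findings.append((lineno, m.group(1), verdict))
    return findings

# Constructed sample configs, not taken from any real server.
NGINX_SAMPLE = "server {\n  ssl_protocols SSLv3 TLSv1 TLSv1.2;\n}\nserver {\n  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n}\n"
APACHE_SAMPLE = "SSLEngine on\nSSLProtocol all -SSLv2\nSSLProtocol all -SSLv2 -SSLv3\nSSLProtocol all-SSLv2-SSLv3\n"

if __name__ == "__main__":
    print(audit(NGINX_SAMPLE), audit(APACHE_SAMPLE), sep="\n")
```

A config with no ssl_protocols or SSLProtocol line returns no findings, which means the server's built-in default applies and has to be checked against the installed version.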

Turn off client SSLv3 support:

Google has said that the Chrome browser already technically blocks automatic downgrades to SSL 3.0 connections. To turn off SSL 3.0 support manually:

Windows users:

1) completely close the Chrome browser

2) copy a shortcut that normally opens the Chrome browser

3) right-click on the new shortcut to enter the properties

4) in the "Target" field, add a space after the existing text and append the following flag: --ssl-version-min=tls1

Mac OS X users:

1) completely close the Chrome browser

2) find the terminal that comes with this machine (Terminal)

3) enter the following command: /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --ssl-version-min=tls1

Linux users:

1) completely close the Chrome browser

2) enter the following command in the terminal: google-chrome --ssl-version-min=tls1

Firefox users can open the advanced settings by entering about:config in the address bar and then set security.tls.version.min to 1.
