Shulou(Shulou.com)05/31 Report--

CVE-2016-2183 repair process is how, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

1. Problem description

SSL/TLS Protocol Information Disclosure vulnerability (CVE-2016-2183)

TLS is a secure transport layer protocol used to provide confidentiality and data integrity between two communication applications.

The DES and Triple DES passwords used in TLS, SSH, IPSec negotiation and other products have a birthday limit of about four billion yuan, which allows remote attackers to obtain plain text data through Sweet32 attacks.

two。 Problem solving process

First of all, I know from the introduction of this vulnerability.

Https://www.openssl.org/news/secadv/20160922.txt

OpenSSL does not have this vulnerability since 1.1.0, and the local openssl version is higher than 1.1.0

Find a problem with a different way of thinking.

The source of the vulnerability can be found by learning about the nmap scanning tool through the link below (retest)

Https://www.e-learn.cn/topic/3756431

Please install nmap separately from Baidu (the server of the case is redhat. If you download the rpm package from the official website, the rpm-ivh package will be installed successfully.)

Get the result through the following command

Nmap-sV-- script ssl-enum-ciphers-p 443 www.example.com (ip is also available)

It is found that 3DES encryption is C-level, and there is a warning that is roughly consistent with the description of CVE-2016-2183.

3. Solve the problem

Https://blog.csdn.net/warrior_wjl/article/details/25000541

By configuring the settings of the nginx, ssl_ciphers HIGH, a NULL, MD5, and 3DES

Note:! 3DES is a post-added filter

Then nginx-t checks the configuration file

Nginx-s reload restart nginx

4. Retest

Nmap-sV-- script ssl-enum-ciphers-p 443 www.example.com (ip is also available)

Problem solving

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.