Shulou(Shulou.com)06/02 Report--

Nowadays, it is standard to enable SSL on websites. However, after configuring SSL, you still need to determine whether the deployment of the server is secure. If it is not configured, it will bring many security risks.

There are six versions in the SSL/TLS series: SSL v2, SSL v3, TLS v1.0, TLS v1.1, TLS v1.2, TLS v1.3:

SSL v2 is unsafe and cannot be used.

SSL v3 is insecure when used with HTTP (POODLE attack), and SSL v3 is weak when used with other protocols. It is also outdated and should not be used.

TLS v1.0 is also a traditional protocol that should not be used, but it is usually still necessary in practice. Its main weakness (BEAST) has been mitigated in modern browsers, but other problems remain.

TLS v1.1, v1.2, v1.3 have no known security issues and should be the main protocols of the site.

Detect SSL security

At present, there are two main websites for testing SSL security: the most commonly used is SSLLabs, and one is MySSL made by domestic enterprises. If the rating of the test is A, it is qualified, and if it is F, it is unqualified.

SSL security configuration

For the Windows Server server, the SSL security configuration can be completed by modifying the registry. In addition, there is a simple automatic configuration tool IISCrypto. After downloading the tool, you can complete the security settings using the recommended configuration, which is very easy to use.

3.0 mode

Directly recommend the setting, check the following reboot, then apply it with apply, and restart automatically after setting it.

The editor added:

After testing, it is found that if the current machine needs to be remotely connected to other servers after upgrading, the other side also needs to upgrade.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.