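“This server has the SSLv3 protocol enabled and is vulnerable to the Poodle (SSLv3) attack. Disable SSLv3 on the server.”
In 2014, Google researchers discovered a vulnerability in the SSL 3.0 protocol, known as the "POODLE" vulnerability (Padding Oracle On Downgrading Legacy Encryption).
When the SSL 3.0 protocol is enabled, a MITM (man-in-the-middle) can intercept encrypted connections and compute the plaintext of the intercepted connections.
Vulnerabilities/security flaws in SSL 3.0:
The most effective way to defend against POODLE attacks is to disable the SSL 3.0 protocol.
Disable the SSL 3.0 protocol on the server and enable TLS 1.2 or 1.3.
In addition, DigiCert recommends disabling the SSL 3.0 protocol on the client side and enabling the TLS protocol (1.2 or 1.3).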
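One way to check server configuration for the recommendation above, as an added example that is not part of the original page or DigiCert's tooling. It assumes the server is nginx (`ssl_protocols`) or Apache (`SSLProtocol`), neither of which the page names, and the sample configuration lines are constructed.

```python
import re

# Constructed sample configuration lines (not from the original page).
SAMPLE_CONFIG = """\
# nginx vhost
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# Apache vhosts
SSLProtocol all -SSLv3
SSLProtocol all -TLSv1 -TLSv1.1
SSLProtocol -all +TLSv1.2 +TLSv1.3
"""

DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.IGNORECASE)
# Conservative assumption: Apache's "all" may include SSLv3, depending on the OpenSSL build.
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
MODERN = {"tlsv1.2", "tlsv1.3"}

def enabled_protocols(tokens):
    """Apply protocol tokens left to right: '-' removes, '+' or a bare name adds.
    Treating a bare name as additive is a conservative choice for auditing."""
    enabled = set()
    for tok in tokens:
        sign, name = ("-", tok[1:]) if tok[0] == "-" else ("+", tok.lstrip("+"))
        names = ALL if name.lower() == "all" else {name.lower()}
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled

def audit(config_text):
    """Return (line_number, directive_text, [problems]) for each protocol directive."""
    results = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments and unrelated directives are skipped
        enabled = enabled_protocols(m.group(2).split())
        problems = []
        if "sslv3" in enabled:
            problems.append("SSLv3 enabled (POODLE)")
        if not enabled & MODERN:
            problems.append("neither TLS 1.2 nor TLS 1.3 enabled")
        results.append((lineno, line.strip(), problems))
    return results

if __name__ == "__main__":
    for lineno, text, problems in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {text} -> {'; '.join(problems) or 'OK'}")
```

A clean result here only covers the configuration text; the protocols a running server actually negotiates also depend on its TLS library build.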
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.