"此服务器支持较早的 SSL/TLS 协议。服务器易受 Poodle (TLS) 攻击。禁用其他协议。"
发现了新版本的 POODLE (SSL) 漏洞,例如 Zombie POODLE、GOLDENDOODLE、0-Length OpenSSL 和 Sleeping POODLE。在使用 TLS 1.0、TLS 1.1 和 TLS 1.2 协议且启用了密码块链接 (CBC) 分组密码模式的网站上发现了这些新的 POODLE 漏洞。
短期:禁用对 CBC 加密密码的支持。
长期:启用 TLS 1.3 协议。
配置 TLS 以降低 CBC 密码的优先级。攻击者无法强制使用 CBC 密码。攻击者只能对通常越过 CBC 密码的客户端或服务器发起攻击。仅当您无法禁用对 CBC 加密密码的支持时,才使用此变通方案。
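The short-term fix and the deprioritization workaround, as an added example (not DigiCert's code) using Python's `ssl` module: it builds a server context for each option and audits the resulting suite order for CBC. The two OpenSSL cipher strings and the `SAMPLE` list are assumptions constructed for illustration.

```python
import ssl

# Assumed OpenSSL cipher strings (illustrative, not from the page).
AEAD_ONLY = "ECDHE+AESGCM:ECDHE+CHACHA20"  # short-term fix: no CBC suites at all
# Workaround: same AEAD suites first, two TLS 1.2 CBC suites appended last.
CBC_LAST = AEAD_ONLY + ":ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"

def server_context(cipher_string):
    """Server-side context whose own suite order wins during negotiation."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE  # client order must not override
    ctx.set_ciphers(cipher_string)  # TLS 1.3 suites are AEAD-only and stay enabled
    return ctx

def is_cbc(suite):
    """suite is one dict from SSLContext.get_ciphers(), e.g. symmetric='aes-128-cbc'."""
    return "cbc" in str(suite.get("symmetric", "")).lower()

def cbc_suites(suites):
    """Names of the CBC suites still enabled."""
    return [s["name"] for s in suites if is_cbc(s)]

def cbc_is_last(suites):
    """True when no CBC suite is ranked above a non-CBC suite."""
    flags = [is_cbc(s) for s in suites]
    return flags == sorted(flags)  # False (non-CBC) must precede True (CBC)

# Constructed sample: a preference order that puts a CBC suite first.
SAMPLE = [
    {"name": "ECDHE-RSA-AES128-SHA256", "symmetric": "aes-128-cbc"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "symmetric": "aes-128-gcm"},
]

if __name__ == "__main__":
    for label, spec in (("AEAD only", AEAD_ONLY), ("CBC last", CBC_LAST)):
        suites = server_context(spec).get_ciphers()
        print(label, "| CBC enabled:", cbc_suites(suites),
              "| CBC ranked last:", cbc_is_last(suites))
```

Which CBC suites appear under the workaround string depends on the local OpenSSL build and its security level; the audit functions work on whatever `get_ciphers()` reports.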