"此伺服器支援較舊的 SSL/TLS 通訊協議。難以抵禦 Poodle (TLS) 攻擊。停用舊通訊協議。"
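New versions of the POODLE (SSL) vulnerability have been discovered, such as Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL, and Sleeping POODLE. These new POODLE vulnerabilities are found on websites that use the TLS 1.0, TLS 1.1, and TLS 1.2 protocols with Cipher Block Chaining (CBC) block cipher modes enabled.
Short term: Disable support for CBC ciphers.
Long term: Enable the TLS 1.3 protocol.
Configure TLS to de-prioritize CBC ciphers. Attackers cannot force the use of CBC ciphers. Attackers can mount an attack with clients or servers that normally negotiate CBC ciphers. Use this workaround only if you cannot disable support for CBC ciphers.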
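The short-term fix and the workaround above, applied to a Python `ssl` server context and then verified. This is an added example, not DigiCert's code. It assumes an OpenSSL-backed Python 3.7+; the function names and the `DEFAULT` starting cipher list are constructed for illustration.

```python
import ssl

def is_cbc(cipher):
    # OpenSSL reports the bulk cipher as e.g. 'aes-128-cbc' or 'aes-256-gcm'.
    return "cbc" in (cipher.get("symmetric") or "")

def baseline_context():
    """Constructed starting point: server context on OpenSSL's DEFAULT suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("DEFAULT")
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # stop offering TLS 1.0/1.1
    return ctx

def configurable(ctx):
    # TLS 1.3 suites are AEAD-only and are not controlled by set_ciphers().
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def disable_cbc(ctx):
    """Short-term fix: remove every CBC suite from the offered list."""
    ctx.set_ciphers(":".join(c["name"] for c in configurable(ctx) if not is_cbc(c)))

def deprioritize_cbc(ctx):
    """Workaround: keep CBC suites, ordered after every non-CBC suite."""
    suites = configurable(ctx)
    ordered = [c["name"] for c in suites if not is_cbc(c)]
    ordered += [c["name"] for c in suites if is_cbc(c)]
    ctx.set_ciphers(":".join(ordered))
    # The ordering only matters if the server's preference is honoured.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE

def cbc_suites(ctx):
    return [c["name"] for c in ctx.get_ciphers() if is_cbc(c)]

def cbc_is_last(ctx):
    """True when no CBC suite is preferred over a non-CBC suite."""
    flags = [is_cbc(c) for c in ctx.get_ciphers()]
    return flags == sorted(flags)  # False (non-CBC) sorts before True (CBC)

if __name__ == "__main__":
    for label, fix in (("disable", disable_cbc), ("deprioritize", deprioritize_cbc)):
        ctx = baseline_context()
        before = len(cbc_suites(ctx))
        fix(ctx)
        print(f"{label}: CBC suites {before} -> {len(cbc_suites(ctx))}, "
              f"CBC last: {cbc_is_last(ctx)}, TLS 1.3 available: {ssl.HAS_TLSv1_3}")
```

With the workaround, a client that offers only CBC suites still negotiates one, which is why it applies only when CBC support cannot be removed.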
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.