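"This server is vulnerable to a SWEET32 attack. Make sure weak ciphers (DES and 3DES) are disabled on the server and use AES."
The Sweet32 Birthday attack affects the triple-DES cipher. Although the OpenSSL team rated the triple-DES vulnerability as low, they said "triple-DES should now be considered as 'bad' as RC4." DigiCert security experts and other security professionals recommend disabling any triple-DES cipher on your servers.
DES ciphers (and triple-DES) have a block size of only 64 bits. This allows an attacker to run JavaScript in the browser and send a large amount of traffic during the same TLS connection, producing a collision. With this collision, the attacker can retrieve information from a session cookie.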
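The arithmetic behind the 64-bit block size limit, as an added example that is not part of the original page: it computes the birthday-bound collision probability for a given block size, checks the formula against a simulation on a toy 16-bit block, and compares how much data can be sent under one key with DES/3DES and with AES before a collision becomes likely. The function names are illustrative, and cipher output blocks are assumed to behave like uniform random values.

```python
import math
import random


def collision_probability(n_blocks: int, block_bits: int) -> float:
    """Birthday approximation: chance that at least two of n cipher
    blocks encrypted under one key have the same value."""
    return -math.expm1(-n_blocks * (n_blocks - 1) / 2 ** (block_bits + 1))


def bytes_until(prob: float, block_bits: int) -> float:
    """Data volume under one key at which the collision probability
    reaches `prob` (inverse of collision_probability)."""
    n_blocks = math.sqrt(2 ** (block_bits + 1) * -math.log1p(-prob))
    return n_blocks * block_bits / 8


def simulate(n_blocks: int, block_bits: int, trials: int = 2000,
             seed: int = 1) -> float:
    """Empirical collision rate. Assumption: output blocks are modelled
    as uniform random values of `block_bits` bits."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(n_blocks):
            block = rng.getrandbits(block_bits)
            if block in seen:
                hits += 1
                break
            seen.add(block)
    return hits / trials


if __name__ == "__main__":
    # Sanity check of the formula on a toy 16-bit block (constructed case).
    print("16-bit, 300 blocks: formula %.3f, simulated %.3f"
          % (collision_probability(300, 16), simulate(300, 16)))
    # Data per key before a collision is as likely as not.
    for name, bits in (("DES/3DES", 64), ("AES", 128)):
        gib = bytes_until(0.5, bits) / 2 ** 30
        print("%-8s %3d-bit block: %.3g GiB" % (name, bits, gib))
```

With a 64-bit block the 50% point falls at a few tens of GiB on a single connection key, while a 128-bit block pushes it out by a factor of 2^33, which is why moving to AES removes the practical risk.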
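A large number of HTTPS servers and all major web browsers support triple-DES ciphers (about 600 of the most visited websites). Fortunately, most browsers choose AES over triple-DES when making an HTTPS connection.
Use one of these workarounds: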