如何在 ubuntu 14.04 LTS 上禁用 SSL3

如何在 ubuntu 14.04 LTS 上禁用 SSL3

我正在运行一个装有 tomcat7 和 apache2 的服务器。我通过另一台远程主机发出以下命令:

openssl s_client -connect my_site:443 -ssl3

返回:

CONNECTED(00000003)
139773982140064:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1462854225
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

我想禁用 SSLv3,我该怎么做?

答案1

在您的配置中添加或更新以下行:

SSLProtocol all -SSLv2 -SSLv3

然后运行:sudo apache2ctl configtest && sudo service apache2 restart

相关内容