apache http server修复CVE-2016-2183漏洞
Posted rongyongfeikai2
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了apache http server修复CVE-2016-2183漏洞相关的知识,希望对你有一定的参考价值。
1.openssl升级,这是必须的
2.在conf/httpd.conf里,增加配置:
# "Modern" configuration, defined by the Mozilla Foundation's SSL Configuration
# Generator as of August 2016. This tool is available at
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some
# require OpenSSL 1.1.0, which as of this writing was in pre-release.
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off并重启http server
3.验证漏洞是否已经修复的方式:
nmap -sV -p [端口] --script ssl-enum-ciphers [ip]
输出的结果里,不再包含DES等弱加密方式。
参考链接:
https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html
禁用3DES和DES弱加密算法,保证SSL证书安全_就是洒家呀的博客-CSDN博客_apache服务器禁止使用des加密算法
以上是关于apache http server修复CVE-2016-2183漏洞的主要内容,如果未能解决你的问题,请参考以下文章
Oracle HTTP Server (OHS) Apache 2.2.13 Poodle SSLv3 修复?
Oracle WebLogic Server 10.3.2漏洞修复方法
如何修复将字节码转换为 dex 的错误原因:com.android.dex.DexException:多个 dex 文件定义 Lorg/apache/http/conn/ssl/AbstractVer