taoCMS是基于php+sqlite/mysql的国内最小(100Kb左右)的功能完善、开源免费的CMS管理系统

Test for SSL version

2015-12-06

Most web servers that run SSL (https) run on SSL version 3 or TLS version 1. There are still some outdated servers running SSL version 2.

To check if your web server is running SSL v2.0, run this on your Unix/Linux console:

openssl s_client -connect localhost:443 -ssl2

If it shows an error like SSL2_WRITE:ssl handshake failure:s2_pkt.c, it means SSL v2.0 has been disabled.

EXAMPLE: Lets test if slashdot.org is running SSL v2.0 or v3.0.

Check for SSL version 2

$ openssl s_client -connect slashdot.org:443 -ssl2
CONNECTED(00000004)
11358:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

Check for SSL version 3

$ openssl s_client -connect slashdot.org:443 -ssl2
CONNECTED(00000004)
depth=0 /C=US/O=slashdot.org/OU=3246035501/OU=See www.geotrust.com/resources/cps (c)08/OU= 
   Domain Control Validated - QuickSSL(R)/CN=slashdot.org
verify error:num=20:unable to get local issuer certificate
verify return:1
........
........
........
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-MD5

Enable version SSLv3 and disable SSLv2

Edit Apache's ssl.conf and include these lines at minimum:

SSLProtocol -all +SSLv3
SSLCipherSuite SSLv3:+HIGH:+MEDIUM

Restart Apache and you're good to go.



安全算法:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

类别:技术文章 | 阅读:251029 | 评论:0 | 标签:ssl

想收藏或者和大家分享这篇好文章→

“Test for SSL version”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

taoCMS发布taoCMS 3.0.2(最后更新21年03月15日),请大家速速升级,欢迎大家试用和提出您宝贵的意见建议。

捐助与联系

☟请使用新浪微博联系我☟

☟在github上follow我☟

标签云