天天看點

SSL/TLS 伺服器瞬時 Diffie-Hellman 公共密鑰過弱

SSL/TLS 伺服器瞬時 Diffie-Hellman 公共密鑰過弱
  • 關于ssl配置可參考:https://ssl-config.mozilla.org/

TOMCAT

通過修改

tomcat

配置檔案

conf/server.xml

,在端口下配置:

sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_
CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_
128_CBC_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH
_3DES_EDE_CBC_SHA"
           

SpringBoot

修改

Springboot

配置檔案

application.yml

server:
  ssl:
    enabled-protocols: TLSv1,TLSv1.1,TLSv1.2
    ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
           

.end

繼續閱讀