IIS 7默认使用什么版本的SSL，以及如何强制它使用SSL v3? [英] What version of SSL does IIS 7 use by default, and how does one force it to use SSL v3?

问题描述

我听说SSL v2的安全性比SSL v3低得多，这是因为它使用的加密算法存在缺陷.我想强制我在IIS 7上运行的网站使用SSL v3.有人知道这是怎么做的吗?

I have heard that SSL v2 is a lot less secure than SSL v3 due to flaws in the encryption algorithms it uses. I would like to force my websites running on IIS 7 to use SSL v3. Anyone know how this is done?

也值得强制进行128位加密吗?有人在执行此操作时遇到任何性能问题吗?

Also is it worth forcing 128-bit encryption as well? Has anyone had any performance issues with doing this?

推荐答案

IIS 7至少支持SSL 3.0，TLS 1.0和更高版本.

IIS 7 supports at least SSL 3.0, TLS 1.0 and higher.

在SSL/TLS中，协商用于每个连接的版本.客户端首先发送"hello"消息，该消息指示他支持的协议的最高级别.服务器以自己的"hello"响应，表示他支持的最高级别不高于客户端.通过这种方式，可以使用客户端和服务器之间共有的最高级别的支持来建立连接.

In SSL/TLS, the version used for each connection is negotiated. The client sends a 'hello' message first which indicates the highest level of the protocol he supports. The server responds with his own 'hello', indicating the highest level he supports that's not higher than the client. In this way, the connection is made using the highest level of support in common between the client and server.

现代客户端不太可能实际请求SSL 2.0(但有时他们会请求具有SSLv2兼容的hello格式的更高版本).

It's unlikely that modern clients would actually request SSL 2.0 (but sometimes they will request later versions with an SSLv2-compatible hello format).

无论如何，本文介绍了如何在IIS 7中禁用较旧的协议:

In any case, this article describes how to disable older protocols in IIS 7:

http://support.microsoft.com/kb/187498

这篇关于IIS 7默认使用什么版本的SSL，以及如何强制它使用SSL v3?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！