如何在 Azure Web 角色上禁用 RC4 密码 [英] How to disable RC4 cipher on Azure Web Roles

问题描述

我有一个托管在 Microsoft Azure Web-Role 上的 Web 应用程序.如何禁用 RC4 密码?

I have a web application that is hosted on Microsoft Azure Web-Role. How can I disable RC4 cipher?

推荐答案

我在使用 Powershell 脚本时遇到的问题是需要修改的键包含正斜杠，而 Powershell 将其视为路径分隔符，脚本失败.

The problem I encountered using a Powershell script was that the keys that require modifying contain a forward slash and Powershell treats this as a path separator and the script fails.

解决方案是创建一个控制台应用程序并将其设置为在启动时运行:

The solution was to create a console application and set that to run at start up:

class Program
{
    static void Main(string[] args)
    {
        string[] subKeys = new string[]
        {
            "RC4 40/128",
            "RC4 56/128",
            "RC4 64/128",
            "RC4 128/128",
        };

        RegistryKey parentKey = Registry.LocalMachine.OpenSubKey(
            @"SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphers", true);

        foreach (string keyName in subKeys)
        {
            var newKey = parentKey.CreateSubKey(keyName);
            newKey.SetValue("Enabled", 0);
            newKey.Close();
        }
        parentKey.Close();
    }
}

将输出文件(在我的情况下为 DisableRc4.exe)复制到 webrole 的根目录并设置为 始终复制

Copy the output file (DisableRc4.exe in my case) to the root of the webrole and set to Copy Always

创建一个包含 DisableRc4.cmd 的文件

Create a file DisableRc4.cmd containing

.DisableRc4.exe
EXIT /B 0

为您的 Web 角色更新 ServiceDefinition.csdef，如下所示

Update ServiceDefinition.csdef for your web role as follows

<Startup>
    <Task commandLine="DisableRc4.cmd" executionContext="elevated" taskType="simple" />
</Startup>

我使用 https://www.ssllabs.com/ssltest/验证已删除 RC4 支持index.html

启动前修改

之后

这篇关于如何在 Azure Web 角色上禁用 RC4 密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！