Identify and disable weak cipher suites Windows server 2008 / IIS 7


Question

I'm asking a question on a subject that is pure Chinese to me... sorry in advance.

A security scan result prior to the deployment of a web application on Windows Server 2008 R2 has raised the below message:

Weak SSL Cipher Suites are Supported

Reconfigure the server to avoid the use of weak cipher suites. The configuration changes are server-specific.

SSLCipherSuite HIGH:MEDIUM:!MD5!EXP:!NULL:!LOW:!ADH

For Microsoft Windows Vista, Microsoft Windows 7, and Microsoft Windows Server 2008, remove the cipher suites that were identified as weak from the Supported Cipher Suite list by following these instructions:

http://msdn.microsoft.com/en-us/library/windows/desktop/bb870930(v=vs.85).aspx

I've tried understanding the MSDN information but I'm totally lost in there.

First of all, I do not understand which is the cipher suite that should be removed or disabled.

And then, how am I supposed to run the code given as an example to remove a cipher suite?

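#include <stdio.h>
#include <windows.h>
#include <bcrypt.h>   /* link with Bcrypt.lib */

int main(void)
{
    /* BCryptRemoveContextFunction returns an NTSTATUS */
    NTSTATUS Status;
    LPCWSTR wszCipher = L"TLS_RSA_WITH_RC4_128_SHA";

    /* Remove the suite from the local Schannel ("SSL") context's list */
    Status = BCryptRemoveContextFunction(
                CRYPT_LOCAL,
                L"SSL",
                NCRYPT_SCHANNEL_INTERFACE,
                wszCipher);

    if (!BCRYPT_SUCCESS(Status)) {
        printf("BCryptRemoveContextFunction failed: 0x%08lx\n", (unsigned long)Status);
        return 1;
    }
    return 0;
}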

Again, sorry for the total lack of knowledge here!

Recommended answer

The solution came via Security.StackExchange.

Using "IIS CRYPTO" on the server allowed me to visualize the cipher suites and very easily remove the weak ones.
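
To see from the command line which suites the scanner's rule (`!MD5`, `!EXP`, `!NULL`, `!LOW`, `!ADH`) would exclude, here is an added example that is not part of the original question or answer. It reads the standard Schannel cipher suite list from the registry; the function names and the name-matching pattern are assumptions made for illustration.

```powershell
# Added example: list the Schannel cipher suites configured on this server
# and flag those in the categories the scanner message excludes.
# Read-only; run in an elevated PowerShell prompt on the server.

# Group Policy "SSL Cipher Suite Order" (comma-separated string), if set
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
# Default list used when no policy is configured (multi-string value)
$defaultKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'

function Get-ConfiguredCipherSuites {
    # Hypothetical helper: the policy list takes precedence over the default list.
    foreach ($key in $policyKey, $defaultKey) {
        $value = (Get-ItemProperty -Path $key -Name Functions -ErrorAction SilentlyContinue).Functions
        if ($value) {
            $suites = @($value) | ForEach-Object { $_ -split ',' } |
                      ForEach-Object { $_.Trim() } | Where-Object { $_ }
            return $suites
        }
    }
}

function Test-WeakCipherSuite([string]$Name) {
    # Assumed mapping of the scanner's categories onto suite names:
    #   NULL -> _NULL_    EXP -> _EXPORT    ADH -> _anon_
    #   LOW  -> _DES_ (single DES; 3DES is written _3DES_ and does not match)
    #   MD5  -> name ends in _MD5
    # Append '|_RC4_' to also flag RC4, which RFC 7465 prohibits in TLS.
    return $Name -match '_NULL_|_EXPORT|_anon_|_DES_|_MD5$'
}

Get-ConfiguredCipherSuites | ForEach-Object {
    New-Object PSObject -Property @{
        Suite = $_
        Weak  = (Test-WeakCipherSuite $_)
    }
} | Sort-Object Weak -Descending | Format-Table Suite, Weak -AutoSize
```

The rows marked `Weak = True` are the candidates to untick in IIS Crypto or to pass to `BCryptRemoveContextFunction`.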
