在 WSO2AM-1.10.0 中禁用弱化协议/密码 [英] Disable weakened protocols/ciphers in WSO2AM-1.10.0
问题描述
WSO2AM(1.10.0) 在我的组织中用作 API 网关.在将其发布到生产环境之前,安全公司发现了一些被削弱的协议/密码,他们建议禁用这些协议,如下所示,
WSO2AM(1.10.0) is used in my organization as API gateway. Before releasing it to production, there are a few weakened protocols/ciphers found by a security company and they suggest disable these protocols as below,
- TLSv1.0
- 基于 3DES 的密码
- 1024 位 Diffie-Hellman 组
有人可以建议我如何关闭它们以及任何副作用吗?
Could anyone please suggest me how to turn them off and any side-effects?
谢谢,肖恩
推荐答案
您可以通过从 repository/conf/tomcat/catalina-server.xml 文件中删除 TLSv1.0 来禁用它.
You can disable TLSv1.0 by removing it from repository/conf/tomcat/catalina-server.xml file.
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9443"
bindOnInit="false"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
可以禁用编辑相同文件密码部分的密码.
Ciphers can be disabled editing same file ciphers section.
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
可以在此处找到更多详细信息.但是,如果您在 jdk1.7 上运行,则存在一些已知问题.请参阅此处.
More details can be found here. However, there are some known issues if you are running on jdk1.7. Refer here.
这篇关于在 WSO2AM-1.10.0 中禁用弱化协议/密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
