如何禁用在Azure上的Web角色RC4密码 [英] How to disable RC4 cipher on Azure Web Roles

问题描述

我有一个在微软的Azure网络角色托管的Web应用程序。
如何禁用RC4密码？

I have a web application that is hosted on Microsoft Azure Web-Role. How can I disable RC4 cipher?

推荐答案

我遇到使用PowerShell脚本是那些需要修改的键包含一个正斜杠和PowerShell会将其视为一个路径分隔符和脚本失败。问题

The problem I encountered using a Powershell script was that the keys that require modifying contain a forward slash and Powershell treats this as a path separator and the script fails.

该解决方案是创建一个控制台应用程序，并设置运行在启动：

The solution was to create a console application and set that to run at start up:

class Program
{
    static void Main(string[] args)
    {
        string[] subKeys = new string[]
        {
            "RC4 40/128",
            "RC4 56/128",
            "RC4 64/128",
            "RC4 128/128",
        };

        RegistryKey parentKey = Registry.LocalMachine.OpenSubKey(
            @"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers", true);

        foreach (string keyName in subKeys)
        {
            var newKey = parentKey.CreateSubKey(keyName);
            newKey.SetValue("Enabled", 0);
            newKey.Close();
        }
        parentKey.Close();
    }
}

输出文件（DisableRc4.exe在我的情况）复制到webrole的根源并设置为复制始终的

创建一个文件包含DisableRc4.cmd

Create a file DisableRc4.cmd containing

.\DisableRc4.exe
EXIT /B 0

你的Web角色更新ServiceDefinition.csdef中如下：

Update ServiceDefinition.csdef for your web role as follows

<Startup>
    <Task commandLine="DisableRc4.cmd" executionContext="elevated" taskType="simple" />
</Startup>

我验证使用辗转RC4支持 https://www.ssllabs.com/ssltest/index html的

在启动修改

Before startup modified

在

After

这篇关于如何禁用在Azure上的Web角色RC4密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！