none
Win2003 IIS 6.0的SSL弱點問題 RRS feed

  • 問題

  • 目前公司有一台IIS 6.0,有啟用其WebSite SSL功能,使用資安軟體進行該網站弱點掃描的時候,發現有兩個問題:

     

    1.

    Synopsis :
    The remote service supports the use of weak SSL ciphers.

     

    Description :
    The remote host supports the use of SSL ciphers that offer either weak
    encryption or no encryption at all.

     

    Solution:
    Reconfigure the affected application if possible to avoid use of weak
    ciphers.

     

     

    2.
    Synopsis :
    The remote service encrypts traffic using a protocol with known weaknesses.


    Description :
    The remote service accepts connections encrypted using SSL 2.0, which
    reportedly suffers from several cryptographic flaws and has been
    deprecated for several years. An attacker may be able to exploit
    these issues to conduct man-in-the-middle attacks or decrypt
    communications between the affected service and clients.

     

    Solution:
    Consult the application's documentation to disable SSL 2.0 and use SSL
    3.0 or TLS 1.0 instead.

     

    請問這兩個問題應該怎麼解決呢?敬請大家不吝指教,感謝!!
    2007年12月10日 上午 07:29

解答

所有回覆