Vulnerability Fixes

1. SSL Medium Strength Cipher Suites Supported (SWEET32) && TLS Version 1.0 Protocol Detection

    [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]
    minVersion = "VersionTLS12"
    cipherSuites = [
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_RSA_WITH_AES_256_GCM_SHA384"
    ]

2. HSTS Missing From HTTPS Server (RFC 6797)

HTTP access has to be removed; a redirect is not acceptable either. Only HTTPS may be used.

    [entryPoints]
    #[entryPoints.http]
    #address = ":80"
    #[entryPoints.http.redirect]
    #entryPoint = "https"
    #permanent = true
    [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]
    minVersion = "VersionTLS12"
    cipherSuites = [
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_RSA_WITH_AES_256_GCM_SHA384"
    ]

3. SSH Weak Key Exchange Algorithms Enabled && SSH Server CBC Mode Ciphers Enabled

3.1 Open the ssh configuration file:

    vim /etc/ssh/sshd_config

    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
    MACs hmac-sha1,hmac-ripemd160
    KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group

3.2 Restart sshd

    systemctl restart sshd

3.3 If you get the error Directive 'Ciphers' is not allowed within a Match blo

If the following two lines are configured, put the lines you are adding above them:

    Subsystem sftp internal-sftp
    Match Group sftp

3.4 Verify with ssh (optional)

    [root@localhost ~]# ssh -vv -oCiphers=aes128-cbc,3des-cbc,blowfish-cbc TARGET_IP
    [root@localhost ~]# ssh -vv -oMACs=hmac-md5 TARGET_IP
    ......
    Unable to negotiate with 127.0.0.1 port 22: no matching cipher found. Their offer: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour

3.5 Verify with nmap (optional)

    nmap --script ssh2-enum-algos -sV -p 22 TARGET_IP
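
One way to check an sshd_config for the two problems section 3 deals with: weak algorithms in the Ciphers/MACs/KexAlgorithms lists, and those keywords sitting below a Match line, which is what produces the 3.3 error. This is an added example, not part of the original page; the function names, the constructed sample config and the weak-algorithm patterns (CBC, RC4/arcfour, hmac-md5, SHA-1 group1 and group-exchange key exchange) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config text given as a file argument or on stdin.
# The weak-algorithm patterns are assumptions picked to match this page's findings.
audit_sshd_config() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }               # skip blank lines and comments
    {
        key = tolower($1)                       # sshd keywords are case-insensitive
        if (key == "match") { match_line = NR; next }
        if (key != "ciphers" && key != "macs" && key != "kexalgorithms") next
        if (match_line) {                       # global-only keyword inside a Match block
            printf "line %d: %s is below the Match on line %d, move it above\n", NR, $1, match_line
            bad = 1
        }
        if ($2 ~ /^-/) next                     # a "-list" only removes algorithms
        list = $2; sub(/^[+^]/, "", list)       # drop the append/prepend prefix
        n = split(list, alg, ",")
        for (i = 1; i <= n; i++) {
            why = ""
            if (key == "ciphers" && (alg[i] ~ /-cbc$/ || alg[i] ~ /-cbc@/)) why = "CBC-mode cipher"
            else if (key == "ciphers" && alg[i] ~ /^arcfour/) why = "RC4 cipher"
            else if (key == "macs" && alg[i] ~ /^hmac-md5/) why = "MD5-based MAC"
            else if (key == "kexalgorithms" && alg[i] ~ /^diffie-hellman-group(1|-exchange)-sha1$/) why = "SHA-1 key exchange"
            if (why != "") { printf "line %d: %s %s (%s)\n", NR, $1, alg[i], why; bad = 1 }
        }
    }
    END { exit bad }                            # status 1 when anything was reported
    ' "$@"
}

# Constructed sample, not taken from a real host.
sample_sshd_config() {
    cat <<'EOF'
# constructed sshd_config fragment
Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
Subsystem sftp internal-sftp
Match Group sftp
    ChrootDirectory /data/sftp/%u
MACs hmac-sha1,hmac-md5
KexAlgorithms curve25519-sha256,diffie-hellman-group1-sha1
EOF
}

sample_sshd_config | audit_sshd_config || echo "findings listed above (constructed sample)"
```

On a live host, `sshd -T | audit_sshd_config` checks the effective algorithm lists instead of the file; that output carries no Match lines, so the placement check only applies when the file itself is audited.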