禁⽤sslv3协议linux,常见WebServer关闭SSLv3SSLv2协议的
设置⽅法
常见WebServer(Nginx、Apache、Tomcat)启⽤HTTP以及关闭不安全协议SSLv3/SSLv2的设置⽅法,⽂档整理如下。
⼀、Nginx配置HTTPS
1、安装Nginx
tar zxvf nginx-1.7.
cd nginx-1.7.1/
./configure --with-http_ssl_module --prefix=/usr/local/nginx; make; make install
2、开启SSL/TLS
mkdir /usr/local/nginx/sslkey
cd /usr/local/nginx/sslkey
openssl genrsa -out key.pem 2048
openssl req -new -x509 -nodes - -keyout server.key
#⼀直按回车,什么都不填
vi /usr/local/nginx/f
#去掉HTTPS server相关配置注释并修改⽂件路径(如下图)
/usr/local/nginx/sbin/nginx
#启动nginx,此时nginx监听http(80)和https(443)
3、关闭SSLv3
vi /usr/local/nginx/f
#加上配置ssl_protocols TLSv1 TLSv1.1 TLSv1.2;(如下图)
注:隐性默认是SSLv3 TLSv1 TLSv1.1 TLSv1.2
/usr/local/nginx/sbin/nginx -s reload
#重启nginx⽣效
⼆、 Apache配置HTTPS
1、安装Apache
tar zxvf httpd-2.2.
cd httpd-2.2.27
./configure --enable-ssl --prefix=/usr/local/apache; make; make install 2、开启SSL/TLS
cd /usr/local/apache/conf
openssl genrsa -out key.pem 2048
openssl req -new -x509 -nodes - -keyout server.key
#⼀直按回车,什么都不填
vi /usr/local/apache/f
#去掉Include conf/f注释(如下图)
/usr/local/apache/bin/httpd
#启动apache,此时apache监听http(80)和https(443)
3、关闭SSLv3
vi /usr/local/apache/conf/f
#原有配置SSLProtocol all -SSLv2,需修改为SSLProtocol all -SSLv2 -SSLv3(如下图)
注:显性默认⽀持SSLv3 TLSv1 TLSv1.1 TLSv1.2
killall -9 httpd
/usr/local/apache/bin/httpdnginx和apache区别
#重启apache⽣效
三、Tomcat配置HTTPS
1、开启SSL/TLS
unzip apache-tomcat-7.0.54.zip
cp -R apache-tomcat-7.0.54 /usr/local/tomcat
keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/tomcat/keystore #⽣成key⽂件,密码填写123456(如下图)
vi /usr/local/tomcat/l
#添加SSL配置(如下图)
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/usr/local/tomcat/keystore" keystorePass="123456" clientAuth="false" sslProtocol="TLS"
/>
chmod +x /usr/local/tomcat/bin/*sh
/
usr/local/tomcat/bin/startup.sh
#启动tomcat,此时tomcat监听http(8080)和https(8443)
2、关闭SSLv3
vi /usr/local/tomcat/l
#加上配置sslEnabledProtocols="TLSv1"(如下图)
注:隐性默认是SSLv3,TLSv1.0
/usr/local/tomcat/bin/shutdown.sh
/usr/local/tomcat/bin/startup.sh #重启tomcat⽣效
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论