How to disable secure renegotiation in Apache httpd 2.4
It was reported that the website/site is hosted through an Apache httpd 2.4 proxy.
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: D99A3E3FE44E02D6CFED853DDEF92E8ECAE7F2444D180887B6FCCDB843B0D2A6
Session-ID-ctx:
Master-Key: F3D1094E8EABE09492CF7FFDB79F2F566CA3F87473523164A62ECED7D4DA57B07B5317BC73DB12B8DFDACDE739758682
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1597139113
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
---
R
RENEGOTIATING
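It was also requested that the same be turned off. I am not sure whether SSLInsecureRenegotiation is the same as secure renegotiation; according to the official documentation, SSLInsecureRenegotiation can be disabled as follows: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslinsecurerenegotiation
But we have already tried that, and since the default value is off, it should be disabled in the first place. Can someone let me know how to disable this on Apache httpd 2.4, OpenSSL 1.0.1e-fips?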
Solution
There is an option:
SSLOptions +StrictRequire +StdEnvVars -OptRenegotiate
See https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions
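
An added example (not part of the original question or answer) for checking the effect of a configuration change: it classifies a saved `openssl s_client` transcript like the one in the question, reporting separately the "Secure Renegotiation" line (support for the RFC 5746 extension) and whether the renegotiation requested with `R` completed. The sample transcripts are constructed, and the function name `classify_reneg` and the success/failure markers it matches are assumptions about typical s_client output captured with stderr included.

```bash
#!/usr/bin/env bash
# Added example: classify an `openssl s_client` transcript (stdout + stderr)
# in which "R" was typed to request a client-initiated renegotiation.

classify_reneg() {
    awk '
        /Secure Renegotiation IS NOT supported/ { rfc5746 = "no" }
        /Secure Renegotiation IS supported/     { rfc5746 = "yes" }
        /^RENEGOTIATING/                        { asked = 1; next }
        # Assumption: a refused renegotiation shows up as an OpenSSL error
        # queue line (":error:") or a socket error ("errno=").
        asked && (/:error:/ || /errno=/)        { refused = 1 }
        # Assumption: a completed renegotiation re-runs certificate
        # verification, which prints "verify return:" lines.
        asked && /verify return:/               { completed = 1 }
        END {
            if (rfc5746 == "")  rfc5746 = "unknown"
            if (!asked)         result = "not-attempted"
            else if (refused)   result = "refused"
            else if (completed) result = "accepted"
            else                result = "inconclusive"
            printf "rfc5746=%s renegotiation=%s\n", rfc5746, result
        }
    '
}

# Constructed sample: the server completes the renegotiation.
ACCEPTED_SAMPLE='Secure Renegotiation IS supported
---
R
RENEGOTIATING
depth=0 CN = www.example.test
verify error:num=20:unable to get local issuer certificate
verify return:1'

# Constructed sample: the server refuses (error line uses placeholder values).
REFUSED_SAMPLE='Secure Renegotiation IS supported
---
R
RENEGOTIATING
0:error:00000000:SSL routines:placeholder:ssl handshake failure:file.c:0:'

# Constructed sample: no "R" was sent, only the handshake summary.
NOT_ATTEMPTED_SAMPLE='Secure Renegotiation IS NOT supported
---'

printf '%s\n' "$ACCEPTED_SAMPLE" | classify_reneg
printf '%s\n' "$REFUSED_SAMPLE"  | classify_reneg
```

To use it on a real capture, save the session with stderr redirected into the same file and pipe that file into `classify_reneg`.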