防止 SSL 密码
Prevent an SSL cipher
我使用 ssllabs as suggested on Google 检查了我正在部署的站点(IIS 8、Asp.net-C#、SSL)。结果表明 "This server accepts the RC4 cipher, which is weak.".
我该如何预防?该站点托管在网络托管环境中,因此我无法直接控制 IIS,而且我在 IIS 管理器中找不到任何相关内容。我可以在网站上做些什么吗?其他方式?
如果您有共享托管环境,您可能无法执行此操作,但您可以通过 following information.
联系您的托管公司
How to completely disable RC4
Clients and servers that do not want to use RC4 regardless of the
other party’s supported ciphers can disable RC4 cipher suites
completely by setting the following registry keys. In this manner, any
server or client that is talking to a client or server that must use
RC4 can prevent a connection from occurring. Clients that deploy this
setting will be unable to connect to sites that require RC4, and
servers that deploy this setting will be unable to service clients
that must use RC4.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000
我使用 ssllabs as suggested on Google 检查了我正在部署的站点(IIS 8、Asp.net-C#、SSL)。结果表明 "This server accepts the RC4 cipher, which is weak.".
我该如何预防?该站点托管在网络托管环境中,因此我无法直接控制 IIS,而且我在 IIS 管理器中找不到任何相关内容。我可以在网站上做些什么吗?其他方式?
如果您有共享托管环境,您可能无法执行此操作,但您可以通过 following information.
联系您的托管公司How to completely disable RC4
Clients and servers that do not want to use RC4 regardless of the other party’s supported ciphers can disable RC4 cipher suites completely by setting the following registry keys. In this manner, any server or client that is talking to a client or server that must use RC4 can prevent a connection from occurring. Clients that deploy this setting will be unable to connect to sites that require RC4, and servers that deploy this setting will be unable to service clients that must use RC4.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000