| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong | TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong | TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA - broken | TLS_ECDH_anon_WITH_AES_128_CBC_SHA...
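AES-GCM and some ECDHE suites are fairly recent and are not present in the OpenSSL shipped with most versions of Ubuntu or RHEL. On newer versions, the command nmap --script ssl-cert,ssl-enum-ciphers -p 443 host_ip returns output that includes the following: |TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_E...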
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | Compressors (1) | uncompressed | TLSv1.1 | Ciphers (7) | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | TLS_RSA_WITH_AES_128_CBC_SHA | TLS_RSA_WITH_AES_256_CBC_SHA ...
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; Similar to Taobao's Nginx: ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl...
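Weak TLS/SSL cipher suites are the sets of encryption and message authentication algorithms negotiated between client and server during the TLS/SSL handshake that, because of design flaws or known security vulnerabilities, are considered to provide insufficient protection. 2. Common weak TLS/SSL cipher suites in nginx. In nginx, common weak TLS/SSL cipher suites include, but are not limited to: TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AE...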
CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | compressors: | NULL | cipher preference: server | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | TLSv1.2: | ciphers: | TLS_ECDHE...
ECDHE DSS RC4-MD5 RC4-SHA DES-CBC-SHA DES-CBC3-SHA Can I add the supported one using a config map or something? https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/tls.md#legacy-tls But I think I'd rather use only TLS v1.2 right?
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:WEAK112TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:FS256TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA- ssl_prefer_server_ciphers on;location / { proxy_pass ht...
Starting Nmap 6.40 ( http://nmap.org ) at 2021-10-08 14:51 CST Nmap scan report for 127.0.0.1 Host is up (0.035s latency). PORT STATE SERVICE VERSION 443/tcp open http nginx 1.19.10 | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong |...