SSL problem【Replied】

By jonathan at 2014-04-11 10:39:11 • 2258点击

@sundaymouse

论坛的 OpenSSL 版本有 Heartbleed 漏洞...

Apache 支持了一些不安全的加密方式...

P.S. 最好支持 TLS 1.2.

4 回复 | 直到 2014-04-11 22:23:07

$ python ssl.py forum.chineseaci.com
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0301, length = 66
... received message: type = 22, ver = 0301, length = 2289
... received message: type = 22, ver = 0301, length = 331
... received message: type = 22, ver = 0301, length = 4
Sending heartbeat request...
... received message: type = 21, ver = 0302, length = 2
Received alert:
0000: 02 46 .F

Server returned error, likely not vulnerable


我们第一时间就处理了,你确定么?

beining ACI中文字幕组 at 2014-04-11 12:40:09
1

而且我们真不用Apache。。。。我们所有机器没有一台用Apache的。。。。

beining ACI中文字幕组 at 2014-04-11 12:44:04
2

我们在漏洞公布的第一时间就更新了OpenSSL,确保不会出现问题。我们的服务构架中也不使用Apache.

sundaymouse ACI中文字幕组 at 2014-04-11 22:14:17
3

TLS 1.2现在应该支持了,欢迎测试。

sundaymouse ACI中文字幕组 at 2014-04-11 22:23:07
4
登录 后发表评论