SSL problem【Replied】

jonathan      6491阅读

@sundaymouse

论坛的 OpenSSL 版本有 Heartbleed 漏洞...

Apache 支持了一些不安全的加密方式...

P.S. 最好支持 TLS 1.2.

   6491阅读

$ python ssl.py forum.chineseaci.com
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0301, length = 66
... received message: type = 22, ver = 0301, length = 2289
... received message: type = 22, ver = 0301, length = 331
... received message: type = 22, ver = 0301, length = 4
Sending heartbeat request...
... received message: type = 21, ver = 0302, length = 2
Received alert:

0000: 02 46

.F

Server returned error, likely not vulnerable

我们第一时间就处理了,你确定么?

beining   2014-04-11 12:40:09
1

而且我们真不用Apache。。。。我们所有机器没有一台用Apache的。。。。

beining   2014-04-11 12:44:04
2

我们在漏洞公布的第一时间就更新了OpenSSL,确保不会出现问题。我们的服务构架中也不使用Apache.

sundaymouse   2014-04-11 22:14:17
3

TLS 1.2现在应该支持了,欢迎测试。

sundaymouse   2014-04-11 22:23:07
4
登录 后发表评论