
Unable to disable SSLv3 on WSO2 Carbon 4.0.6

Due to the possibility of a POODLE attack, I'm trying to disable SSLv3 on WSO2 ESB-4.6.0.

Following the official documentation:

  • Open [product_home]/repository/conf/axis2/axis2.xml
  • Find the transportReceiver configuration element for org.apache.synapse.transport.passthru.PassThroughHttpSSLListener
  • If you are using JDK 1.7, add the following parameter under transportReceiver.

     <parameter name="HttpsProtocols">TLSv1,TLSv1.1,TLSv1.2</parameter> 

  • Save and start the server

It did not work! I guess it's because the Carbon version of ESB-4.6.0 is 4.0.6 instead of 4.2.0 as described in the documentation. The java -jar TestSSLServer.jar localhost 8243 output is:

    Supported versions: SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
    Deflate compression: no
    Supported cipher suites (ORDER IS NOT SIGNIFICANT):
      SSLv3
         RSA_WITH_RC4_128_MD5
         RSA_WITH_RC4_128_SHA
         RSA_WITH_3DES_EDE_CBC_SHA
         DHE_RSA_WITH_3DES_EDE_CBC_SHA
         RSA_WITH_AES_128_CBC_SHA
         DHE_RSA_WITH_AES_128_CBC_SHA
         TLS_ECDHE_RSA_WITH_RC4_128_SHA
         TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
      (TLSv1.0: idem)
      (TLSv1.1: idem)
      TLSv1.2
         RSA_WITH_RC4_128_MD5
         RSA_WITH_RC4_128_SHA
         RSA_WITH_3DES_EDE_CBC_SHA
         DHE_RSA_WITH_3DES_EDE_CBC_SHA
         RSA_WITH_AES_128_CBC_SHA
         DHE_RSA_WITH_AES_128_CBC_SHA
         RSA_WITH_AES_128_CBC_SHA256
         DHE_RSA_WITH_AES_128_CBC_SHA256
         TLS_ECDHE_RSA_WITH_RC4_128_SHA
         TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    

So, my question is: How to disable SSLv3 on Carbon 4.0.6?

We can get this done via JVM-level ciphers by using Java's 'jdk.tls.disabledAlgorithms' property in the java.security file.

It can be done by setting the property to values such as the following:

    jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, MD5, DESede, DH keySize < 2048, RSA keySize < 2048
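
To confirm that a jdk.tls.disabledAlgorithms change has actually reached a listener, the policy can be compared with what a TestSSLServer scan of the port still reports. The following is an added example, not code from the original posts or from WSO2; the function names and the java.security sample are constructed, and the scan sample reuses the first lines of the output quoted in the question.

```python
import re

# Constructed sample: java.security fragment carrying the value from the answer,
# wrapped with a backslash continuation as properties files allow.
SAMPLE_JAVA_SECURITY = """\
# constructed sample
jdk.certpath.disabledAlgorithms=MD2
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, MD5, DESede, \\
    DH keySize < 2048, RSA keySize < 2048
"""
# First lines of the TestSSLServer output quoted in the question.
SAMPLE_SCAN = "Supported versions: SSLv3 TLSv1.0 TLSv1.1 TLSv1.2\nDeflate compression: no\n"

def disabled_algorithms(text, key="jdk.tls.disabledAlgorithms"):
    """Return the entries of `key`; joins continuation lines, last definition wins."""
    value, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if not pending and line.startswith(("#", "!")):
            continue  # comment lines never continue onto the next line
        if line.endswith("\\"):
            pending = line[:-1]  # keep accumulating the logical line
            continue
        pending = ""
        name, sep, rest = line.partition("=")
        if sep and name.strip() == key:
            value = rest
    return [e.strip() for e in (value or "").split(",") if e.strip()]

def offered_versions(scan_output):
    """Protocol versions from TestSSLServer's 'Supported versions:' line."""
    m = re.search(r"^\s*Supported versions:\s*(.*)$", scan_output, re.M)
    return m.group(1).split() if m else []

def audit(java_security_text, scan_output):
    """Return (versions the policy disables but the port still offers,
    whether SSLv3 is named in the policy at all)."""
    policy = set(disabled_algorithms(java_security_text))
    # TestSSLServer prints "TLSv1.0" where the JDK property uses "TLSv1".
    norm = lambda v: "TLSv1" if v == "TLSv1.0" else v
    still = [v for v in offered_versions(scan_output) if norm(v) in policy]
    return still, "SSLv3" in policy

if __name__ == "__main__":
    still, has_sslv3 = audit(SAMPLE_JAVA_SECURITY, SAMPLE_SCAN)
    print("SSLv3 listed in policy:", has_sslv3)
    print("disabled in policy but still offered:", still or "none")
```

A non-empty list means the setting has not taken effect for the scanned listener.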
    

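AFAIK, for WSO2 ESB 4.6.0 you can only disable SSLv3 for port 9443 (the servlet port) by following the official documentation. That documentation applies only to products based on Carbon 4.2.0.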
