Sto tentando di correggere la crittografia debole in TLS, eseguendo un test in SSL Labs
, esso genera una crittografia debole nella seguente suite chpher:
Configurazione corrente:
SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!AES128:!SHA1
Cipher Suite TLS 1.2 - Debole:
- TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) DEBOLE
- TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) DEBOLE
OHS Version: Oracle-HTTP-Server-11g/11.1.1.9.0 (Unix) mod_ssl/11.1.1.9.0
Prova a risolvere con:
SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!AES128:!SHA1:!SHA256:!SHA384
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!RC4:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS
SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!AES128:!SHA1:!TLS_RSA_WITH_AES_256_CBC_SHA256:!TLS_RSA_WITH_AES_256_GCM_SHA384
Nessuna di queste impostazioni ha funzionato per la mia configurazione SSL in OHS.
Qualcuno ha eliminato questi due problemi nella crittografia debole?