北京SEO

linux下修复Openssl FREAK 漏洞bug步骤

2019/10/10/17:44:57  阅读:2112  来源:谷歌SEO算法  标签: 5G标准出炉

Openssl出现的bug 很多朋友都知道是非常的严重了,对于Openssl bug小编每次安装系统都需要来补一下它,下面来看看linux下修复Openssl FREAK 漏洞bug步骤.

修复方法:

1:升级最新版本openssl,重新启动对应服务,#比如OpenSSL的1.0.1的用户应该升级到1.0.2.

2:修改ssl加密算法:(nginx conf:ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;)

nginx修改为 ssl_ciphers HIGH:!aNULL:!MD5:!EXPORT56:!EXP;

httpd修改为 SSLCipherSuite HIGH:!aNULL:!MD5:!EXPORT56:!EXP

3:重新启动对应服务。

漏洞测试:

  1. [root@localhost~]#openssls_client-connectwww.111cn.net:443-cipherEXPORT
  2. CONNECTED(00000003)
  3. depth=3C=IL,O=###Ltd.,OU=SecureDigitalCertificateSigning,CN=###CertificationAuthority
  4. verifyreturn:1
  5. depth=2C=CN,O=###Limited,CN=CA\E6\B2\83\###\E8\AF\81\E4\B9\A6
  6. verifyreturn:1
  7. depth=1C=CN,O=###CALimited,CN=CA\E6\B2\83\E9\80###\81\E4\B9\A6
  8. verifyreturn:1
  9. depth=0description=\E5\85\8D\E8\B4\B####\AF\81\E4\B9\A6\E7\94\B3\E8\###\91\E5\9D\80\EF\BC\9Ahttps://####.com,CN=mail.####.com
  10. verifyreturn:1
  11. ---
  12. Certificatechain
  13. 0s:/description=\xE5\x85\x8D\###F\x81\xE4\xB9\xA6\xE7\x94\xB3\xE8\xAF\xB7\xE7\xBD\x91\xE5\x9D\x80\xEF\xBC\x9Ahttps://buy.wosign.com/CN=mail.####.com
  14. i:/C=CN/O=WoSignCALimited/CN=CA\xE6\xB2\x83\####\x8D\xE8\xB4\xB9SSL\xE8\xAF\x81\xE4\xB9\xA6
  15. 1s:/C=CN/O=WoSignCALimited/CN=CA\xE6\xB2\x83\xE9\###\x8D\xE8\xB4\xB9SSL\xE8\xAF\x81\xE4\xB9\xA6
  16. i:/C=CN/O=WoSignCALimited/CN=CA\xE6\xB2\x83\xE9\###\xB9\xE8\xAF\x81\xE4\xB9\xA6
  17. 2s:/C=CN/O=WoSignCALimited/CN=CA\xE6\xB2\x83\xE9\x80\###\xB9\xE8\xAF\x81\xE4\xB9\xA6
  18. i:/C=IL/O=StartComLtd./OU=SecureDigitalCertificateSigning/CN=###CertificationAuthority
  19. 3s:/C=IL/O=StartComLtd./OU=SecureDigitalCertificateSigning/CN=###CertificationAuthority
  20. i:/C=IL/O=StartComLtd./OU=SecureDigitalCertificateSigning/CN=###CertificationAuthority
  21. ---
  22. Servercertificate
  23. -----BEGINCERTIFICATE-----
  24. #######################FMm1PJLA9iewtlE9XETANBgkqhkiG9w0BAQUFADBM
  25. MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxITAfBgNV
  26. BAMMGENBIOayg+mAmuWFjei0uVNTTOivgeS5pjAeFw0xNDEyMjUwMzI5MDlaFw0x
  27. NTEyMjUwMzI5MDlaMFkxPjA8BgNVBA0MNeWFjei0uVNTTOivgeS5piDnlLPor7fn
  28. vZHlnYDvvJ####################################YDVQQDDA5tYWlsLmp1
  29. YXN5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPjfJK6tHr7n
  30. c5LgnyyfesG+jMRm+hIHCKVl8xcToUC9xfqhXpTPBLC+0NxGdwHpHY5jsLqE+Mi8
  31. k6VtB0XxP5t644P8j3/felLush1AQdAIHmlWvCYhA4XlnHDNiI2PxqbaJl7CsVVU
  32. 24K0r1N5w1kMsGW354SKrAAA8qXy9fRd8sl+8EUmL+51eyo+bziC0obCoHFP7+i6
  33. FQwtZWxabxkT08kGUeaR3gjFx1Nt3HCDPKSxTTVxqH2xu5vAR77Uf1j6OavxLlco
  34. XlheTEO7GySKM2ilN8lVlrFfnCuOLJjpl2CaK7B0V6gk/Cvnl22zHomPpuqxGqnN
  35. pCGoZUFTdzcCAwEAAaOCAaUwggGhMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggr
  36. BgEFBQcDAgYIKwYBBQUHAwEwCQYDVR0TBAIwADAdBgNVHQ4EFgQULfReKHXU6/pk
  37. vPB/e+KbvHzaT90wHwYDVR0jBBgwFoAU/cOuEdflyOXUNEGqQQ0oKdwL9z4wewYI
  38. KwYBBQUHAQEEbzBtMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcDIud29zaWduLmNu
  39. ########################################Kmh0dHA6Ly9haWEyLndvc2ln
  40. bi5jbi9jYTIuc2VydmVyMS5mcmVlLmNlcjA8BgNVHR8ENTAzMDGgL6AthitodHRw
  41. Oi8vY3JsczIud29zaWduLmNuL2NhMi1zZXJ2ZXIxLWZyZWUuY3JsMBkGA1UdEQQS
  42. MBCCDm1haWwuanVhc3kuY29tMFIGA1UdIARLMEkwCAYGZ4EMAQIBMD0GDisGAQQB
  43. gptRAwECBwECMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cud29zaWduLmNvbS9w
  44. ###################################Lhx97YtyFOlvC92qjVQWvZjZ7X8Ii
  45. uqbxGDKxVJt6s7ARomQ7toK35SCdfVpgXYlMS2eHNgXdL1gzjRQU4FyDskNgcZqL
  46. fruVhm2JV17yDM+Szy16MT8chh+FS3BAOESpwz0I71L7V+mgkVDmz1/sTekFGS0E
  47. #########################################pswOZF0QVr/DOaDK41OglfG
  48. Wac2V1kbLk4JwMz5BD3YRPmTHGJn04MZikilVzyoLrJpP1UCUIhewJsmV6WVW7fn
  49. ###############################################
  50. -----ENDCERTIFICATE-----
  51. subject=/description=\xE5\x85\x8D\xE8\xB4######\xE7\x94\xB3\xE8\xAF\xB7\xE7\xBD\x91\xE5\x9D\x80\xEF\xBC\x9Ahttps://buy.wosign.com/CN=mail.####.com
  52. issuer=/C=CN/O=####CALimited/CN=CA\xE6\xB2\x83\xE9\x80\x9A\x####B4\xB9SSL\xE8\xAF\x81\xE4\xB9\xA6
  53. ---
  54. NoclientcertificateCAnamessent
  55. ---
  56. SSLhandshakehasread6799bytesandwritten199bytes
  57. ---
  58. New,TLSv1/SSLv3,CipherisEXP-DES-CBC-SHA
  59. Serverpublickeyis2048bit
  60. SecureRenegotiationISsupported
  61. Compression:NONE
  62. Expansion:NONE
  63. SSL-Session:
  64. Protocol:TLSv1
  65. Cipher:EXP-DES-CBC-SHA
  66. Session-ID:5343####4FC455F26700B
  67. Session-ID-ctx:
  68. Master-Key:2CCA993F6#########C6EE5A17FEA6F52D5BCA697C09A169ED59E0
  69. Key-Arg:None
  70. Krb5Principal:None
  71. PSKidentity:None
  72. PSKidentityhint:None
  73. StartTime:1427162168
  74. Timeout:300(sec)
  75. Verifyreturncode:0(ok)
  76. ---
  77. closed
  78. //修复后:
  79. [root@localhost~]#openssls_client-connectwww.111cn.net:443-cipherEXPORT//phpfensi.com
  80. CONNECTED(00000003)
  81. 139642907903816:error:14077410:SSLroutines:SSL23_GET_SERVER_HELLO:sslv3alerthandshakefailure:s23_clnt.c:741:
  82. ---
  83. nopeercertificateavailable
  84. ---
  85. NoclientcertificateCAnamessent
  86. ---
  87. SSLhandshakehasread7bytesandwritten73bytes
  88. ---
  89. New,(NONE),Cipheris(NONE)
  90. SecureRenegotiationISNOTsupported
  91. Compression:NONE
  92. Expansion:NONE
  93. ---

好了有没有发现修复之后我们再测试这个bug是已经没有 bug.

广告内容

linux下修复Openssl FREAK 漏洞bug步骤 linux下修复Openssl FREAK 漏洞bug步骤 linux下修复Openssl FREAK 漏洞bug步骤

相关阅读

热门评论

sunshine技术博客 sunshine技术博客

sunshine技术博客

总篇数164

精选文章

RMAN中catalog和nocatalog区别介绍 小技巧:为Linux下的文件分配多个权限 zimbra8.5.1安装第三方签名ssl证书的步骤 解决mysql不能远程连接数据库方法 windows服务器mysql增量备份批处理数据库 mysql中slow query log慢日志查询分析 JavaScript跨域问题总结 Linux下负载均衡软件LVS配置(VS/DR)教程 mysql中权限参数说明 MYSQL(错误1053)无法正常启动

SEO最新算法