New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

“SSL 3.0协议”漏洞 #375

Open

Liuwc1660 opened this issue Feb 24, 2023 · 1 comment

Liuwc1660 commented Feb 24, 2023

xxxxx这里是问题描述xxxx

当前使用的版本号
v0.2.1
是否已经升级到新版本
xxx
当前遇到的问题
为了规避http明文传输漏洞，我在conf/mm-wiki.conf配置文件中修改参数将http修改为https。
随后安全检测出“SSL 3.0协议”漏洞，安全厂商建议使用TLS1.2或更高版本，请问这个怎么操作？
错误日志或截图
请求头：
[GET / HTTP/1.1, Host: 10...*:8010, User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; rv 11.0) like Gecko, Accept: /, Accept-Encoding: gzip,deflate]
响应头：
[HTTP/1.1 302 Found, Content-Type: text/html; charset=utf-8, Location: /author/index, Set-Cookie: mmwikissid=ed787fc385ed58945e75176abbda4e93; Path=/; HttpOnly; Secure, Date: Thu, 23 Feb 2023 08:59:34 GMT, Content-Length: 36]
希望增加的功能
远程服务使用SSL 3.0加密流量，这是不安全且已弃用的协议，具有众所周知的漏洞。
禁用 SSL 3.0 并改用 TLS 1.2（或更高版本）。

hhs66317 commented Apr 21, 2023

建议用 Nginx 做代理来解决 HTTPS 问题

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment