Reference:
Microsoft IIS: Disabling the SSL v3 Protocol
How to Enable TLS 1.2 as the Default Security Protocol on Windows Servers
How to disable weak versions of SSL/TLS Protocols on Windows Servers
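Windows 2012 R2 ships with SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2 by default; keep only TLS 1.2 and disable the rest.
Steps:
Run regedit.exe and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
Add the following keys and values; create any that do not exist manually.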
SSL 2.0\Server\Enabled = 0 (Dword)
SSL 2.0\Client\DisabledByDefault = 1 (Dword)
SSL 3.0\Server\Enabled = 0 (Dword)
SSL 3.0\Client\DisabledByDefault = 1 (Dword)
TLS 1.0\Server\Enabled = 0 (Dword)
TLS 1.0\Client\DisabledByDefault = 1 (Dword)
TLS 1.1\Server\Enabled = 0 (Dword)
TLS 1.1\Client\DisabledByDefault = 1 (Dword)
The changes take effect after a reboot.
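
The same steps scripted in PowerShell, with a read-back audit of each value. This is an added example, not part of the original post; the function names Set-WeakProtocolsDisabled and Get-WeakProtocolState are hypothetical, and the script assumes an elevated PowerShell prompt on the server.

```powershell
# Added example: applies and audits the Schannel values listed in the steps above.
# Assumption: run from an elevated prompt. Function names are hypothetical.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols'

# Protocols to turn off and the two values from the post (TLS 1.2 is left untouched).
$Protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'
$Settings  = @(
    @{ Role = 'Server'; Name = 'Enabled';           Value = 0 },
    @{ Role = 'Client'; Name = 'DisabledByDefault'; Value = 1 }
)

function Set-WeakProtocolsDisabled {
    foreach ($proto in $Protocols) {
        foreach ($s in $Settings) {
            $key = "$Base\$proto\$($s.Role)"
            # Create the protocol and role subkeys when they are missing.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name $s.Name -Value $s.Value `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

function Get-WeakProtocolState {
    foreach ($proto in $Protocols) {
        foreach ($s in $Settings) {
            $key    = "$Base\$proto\$($s.Role)"
            $actual = $null
            if (Test-Path $key) {
                # A missing value yields $null instead of an error.
                $item   = Get-ItemProperty -Path $key -Name $s.Name -ErrorAction SilentlyContinue
                $actual = $item.($s.Name)
            }
            [pscustomobject]@{
                Key       = "$proto\$($s.Role)"
                Name      = $s.Name
                Expected  = $s.Value
                Actual    = $actual
                Compliant = ($null -ne $actual -and $actual -eq $s.Value)
            }
        }
    }
}

Set-WeakProtocolsDisabled
Get-WeakProtocolState | Format-Table -AutoSize
```

An empty Actual column means the value is not set, so the operating system default still applies for that protocol.
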
Verification:
Use https://www.ssllabs.com/ssltest/ to confirm the status.