其他组件扫描
AppScan 发现服务器支持较老的 TLS 版本(TLSv1.0 或 TLSv1.1)
描述
The web server supports encryption through TLS 1.0. TLS 1.0 is not considered to be "strong cryptography" as defined and required by the PCI Data Security Standard 3.2(.1) when used to protect sensitive information transferred to or from web sites. According to PCI, "30 June 2018 is the deadline for disabling SSL/early TLS and implementing a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data.
详情
The SSL server (port: 443) encrypts traffic using TLSv1.0
解决方案
nginx: 在server中添加ssl_protocols TLSv1.2 TLSv1.3; 例如:
server {
ssl_protocols TLSv1.2 TLSv1.3;
}
参考:https://www.ssl.com/zh-CN/%E6%8C%87%E5%AF%BC/%E7%A6%81%E7%94%A8tls-1-0%E5%92%8C1-1-apache-nginx/#ftoc-heading-7
|