TLSSSL协议RC4算法安全漏洞CVE-2013-2566
**
漏洞描述
TLS协议和SSL协议中使⽤的的RC4算法中存在漏洞,该漏洞源于使⽤⼤量的单字节偏差。通过在使⽤相同明⽂的⼤量会话中密⽂的统计分析,远程攻击者利⽤该漏洞进⾏明⽂恢复攻击
**
修复⽅案
cve漏洞库
/etc/httpd/conf.f
将:
NSSCipherSuite
+rsa_aes_128_sha,+rsa_aes_256_sha,+ecdhe_rsa_aes_256_sha,+ecdhe_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,+ecdh_r sa_aes_128_
sha,+ecdhe_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdh_ecdsa_aes_128_sha,+rsa_r c4_128_sha
注释掉,新增以下:
NSSCipherSuite
+rsa_aes_128_sha,+rsa_aes_256_sha,+ecdhe_rsa_aes_256_sha,+ecdhe_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,+ecdh_r sa_aes_128_
sha,+ecdhe_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdh_ecdsa_aes_128_sha