1
私は次のセットアップで256ビットの暗号スイートを使用するだけにしてみてください:私はまだノードhttpsで128bit暗号を無効にできないのはなぜですか?
- 128ビット暗号を持って
const https = require('https'); const fs = require('fs'); const constants = require('constants'); const serverKey = 'server.key'; const serverCrt = 'server.crt'; httpsOptions = { key: fs.readFileSync(serverKey), cert: fs.readFileSync(serverCrt), secureOptions: constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1, ciphers: [ 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', "HIGH", "!aNULL", "!eNULL", "!EXPORT", "!DES", "!RC4", "!MD5", "!PSK", "!SRP", "!CAMELLIA" ].join(':') }; https.createServer(httpsOptions, (req, res) => { res.writeHead(200); res.end('hello world\n'); }).listen(8000);
しかしsslscanとssllabs.com(私のブログは、同じhttpsOptionsを使用している)の試験ショーアウトsslscanから置かれた後
- NON-GCM暗号
:
[23:13:03][email protected] ~> sslscan localhost:8000
Version: 1.11.8
OpenSSL 1.0.2k 26 Jan 2017
OpenSSL version does not support SSLv2
SSLv2 ciphers will not be detected
Testing SSL server localhost on port 8000
TLS Fallback SCSV:
Server supports TLS Fallback SCSV
TLS renegotiation:
Session renegotiation not supported
TLS Compression:
Compression disabled
Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed
Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048
Subject: localhost
Issuer: localhost
Not valid before: Jun 13 19:06:29 2016 GMT
Not valid after: Jun 13 19:06:29 2017 GMT
私は、次の暗号を期待:
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256