thanksgiving posted on 2014-10-17 02:33:24

Browser SSL security vulnerability

There is a recent browser security vulnerability. You can check whether your browser is at risk on the following page:
https://www.poodletest.com/
If it shows vulnerable, it is recommended to patch the vulnerability as described below; Google Chrome & Firefox have not released a corresponding patch yet:
https://zmap.io/sslv3/browsers.html
In short:
For Firefox (SSLv3 will be disabled by default in Firefox 34, which will be released on Nov 25.):
you can set the value security.tls.version.min = 1 in the about:config dialog.
(In the Firefox address bar, type about:config, then enter security.tls.version.min = 1)

For Google Chrome
Windows

[*]Right click the Google Chrome shortcut on the desktop.
https://zmap.io/sslv3/winDropMenu.png
[*]Click Properties from the drop-down menu.
[*]You will see the properties menu for the shortcut to Google Chrome.
https://zmap.io/sslv3/winPropertiesBefore.png
[*]Click inside the "Target" box and scroll all the way to the right (past the quote (")).
[*]Enter --ssl-version-min=tls1
https://zmap.io/sslv3/winPropertiesAfter.png
[*]Click "OK" on the properties menu.
[*]When asked for administrator permissions, click "Continue".
https://zmap.io/sslv3/winPermissions.png
Ubuntu
Thanks to gertvdijk on AskUbuntu.

[*]Open /usr/share/applications/google-chrome.desktop in a text editor
[*]For any line that begins with "Exec", add the argument: --ssl-version-min=tls1

[*]For instance the line Exec=/usr/bin/google-chrome-stable %U should become Exec=/usr/bin/google-chrome-stable --ssl-version-min=tls1
[*]Reboot
OS X
[*]Open Automator from Applications.
https://zmap.io/sslv3/osxAutomator.png
[*]Double-click "Workflow".
[*]Under Library, click Utilities.
https://zmap.io/sslv3/osxUtil.png
[*]Double-click "Run Shell Script".
https://zmap.io/sslv3/osxShellBefore.png
[*]Replace cat with open -a "Google Chrome.app" --args --ssl-version-min=tls1.
https://zmap.io/sslv3/osxShellAfter.png
[*]In the toolbar at the top of the screen, click "File" and then "Save".
[*]In the "Save As" box, type Chrome-POODLE-Proof.app.
[*]In the "File Format" drop-down box, select "Application".
https://zmap.io/sslv3/osxSave.png
[*]Click "Save".
Depending on how you open Google Chrome, you may have to open it in a different way. If you open it through Spotlight, just type Chrome-POODLE-Proof instead of Google Chrome. If you open it by clicking on it in the Dock, open Finder, and click Applications. Drag-and-drop the Chrome-POODLE-Proof.app to the Dock. When you want to open Chrome, click the icon that looks like a robot holding a pipe instead of the normal Google Chrome icon.

Other Operating Systems
For any operating system, launching Chrome from the command-line with the extra flag --ssl-version-min=tls1 will disable SSLv3. Consult your documentation for more detail.

Internet Explorer
To disable SSLv3 in Internet Explorer on Windows Vista and newer, uncheck the "Use SSL 3.0" box on the "Advanced" tab in the Internet Options program.
[*]Launch "Internet Options" from the Start Menu
[*]Click the "Advanced" tab
[*]Uncheck "Use SSL 3.0"
https://zmap.io/sslv3/ie.png
[*]Click "OK"
Safari
We currently do not know of a fix for Safari.
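
The Ubuntu launcher edit described in the post, scripted as an added example (not part of the original post or of the zmap.io instructions). It inserts the flag directly after the executable on each Exec line and leaves existing arguments such as %U in place; the function names and the sample launcher are made up for illustration.

```shell
#!/bin/sh
# Added example: idempotently add --ssl-version-min=tls1 to a .desktop launcher.
# Assumes the executable path on the Exec line is unquoted and has no spaces.
FLAG='--ssl-version-min=tls1'

# add_ssl_min_flag FILE: put $FLAG right after the executable on each Exec=
# line that lacks it, keeping other arguments (e.g. %U). Saves FILE.bak once.
add_ssl_min_flag() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ -e "$file.bak" ] || cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    awk -v flag="$FLAG" '
        /^Exec=/ && index($0, flag) == 0 {
            sp = index($0, " ")        # first space ends "Exec=<binary>"
            if (sp == 0) print $0 " " flag
            else print substr($0, 1, sp - 1) " " flag substr($0, sp)
            next
        }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# count_unpatched FILE: print how many Exec= lines still lack the flag.
count_unpatched() {
    grep '^Exec=' "$1" | grep -c -v -e "$FLAG" || true
}

# Constructed sample launcher (not a real Chrome file) to show the effect.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[Desktop Entry]' 'Name=Google Chrome' \
        'Exec=/usr/bin/google-chrome-stable %U' \
        'Exec=/usr/bin/google-chrome-stable --incognito' > "$d/sample.desktop"
    add_ssl_min_flag "$d/sample.desktop" && cat "$d/sample.desktop"
    rm -rf "$d"
}
demo
```

To apply it to the real launcher, call add_ssl_min_flag /usr/share/applications/google-chrome.desktop as root; count_unpatched on the same file should then print 0, and it is worth re-running after package updates, which may replace the file.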

