Appendix 3: Remediating the corresponding Windows vulnerability:

1) Open Windows Internet Properties and go to Advanced > Security: uncheck TLS 1.0 and 1.1 and keep only 1.2; leave 1.3 unchecked as well.

2) Open the Group Policy editor (gpedit.msc) and disable the weak cipher algorithms, configured as follows:

The cipher algorithms in effect by default once the setting is enabled are:

TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_RSA_WITH_NULL_SHA, TLS_PSK_WITH_AES_256_GCM_SHA384, TLS_PSK_WITH_AES_128_GCM_SHA256, TLS_PSK_WITH_AES_256_CBC_SHA384, TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_NULL_SHA384, TLS_PSK_WITH_NULL_SHA256
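
However, the list above is subject to a limit: it cannot exceed 1,023 characters. The cipher list above is the one compiled by Steve Gibson on GRC.com and is recommended. The list must be a single unbroken string, with each cipher separated by a comma. Copy the formatted text and paste it into the "SSL Cipher Suites" field, then click OK. Finally, the OS must be restarted for the change to take effect.

Note: to remove the cipher suites identified as weak from the cipher suite list, see http://msdn.microsoft.com/en-us/library/windows/desktop/bb870930(v=vs.85).aspx. For Apache Tomcat servers, follow these instructions: refer to the example.
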
Verification: after the restart, run this command in PowerShell: Get-TlsCipherSuite

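As an added example (not part of the original post), the PowerShell function below checks a string meant for the "SSL Cipher Suites" field against the constraints described above: the 1,023-character limit and comma separation with no whitespace. It also flags suite names containing NULL, DES, 3DES, RC4, RC2 or MD5. The function name and the weak-name patterns are assumptions made for this example.

```powershell
# Added example: validate a value for the "SSL Cipher Suites" policy field.
function Test-CipherSuitePolicyString {
    param(
        [Parameter(Mandatory)][string]$Value,
        [int]$MaxLength = 1023,    # limit stated on this page
        # Assumption: name fragments treated as weak for this check
        [string[]]$WeakPattern = @('_NULL_', '_3DES_', '_DES_', '_RC4_', '_RC2_', '_MD5$')
    )
    $suites = $Value -split ','
    # Collect each suite once if any weak pattern matches its name.
    $weak = @(foreach ($s in $suites) {
        foreach ($p in $WeakPattern) {
            if ($s -match $p) { $s; break }
        }
    })
    [pscustomobject]@{
        Length        = $Value.Length
        WithinLimit   = $Value.Length -le $MaxLength
        HasWhitespace = $Value -match '\s'
        EmptyEntries  = @($suites | Where-Object { $_ -eq '' }).Count
        Duplicates    = @($suites | Group-Object | Where-Object Count -gt 1 | ForEach-Object Name)
        WeakSuites    = $weak
    }
}

# Constructed sample: four suite names taken from the list on this page.
$sample = 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,' +
          'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,' +
          'TLS_RSA_WITH_3DES_EDE_CBC_SHA,' +
          'TLS_RSA_WITH_NULL_SHA256'
Test-CipherSuitePolicyString -Value $sample | Format-List

# On a Windows host, the same check against the active configuration:
# Test-CipherSuitePolicyString -Value ((Get-TlsCipherSuite).Name -join ',')
```
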
3) Registry method: (choose with caution; not verified)

1> Open a text file, paste the following content, save it as a *.reg file, import it into the registry and restart (back up the registry before importing)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"EventLogging"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CipherSuites]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:0000ffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

If the verification above does not succeed, try the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"EventLogging"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CipherSuites]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:0000ffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
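
As an added example (not part of the original post), this PowerShell script parses .reg text like the two listings above and reports SCHANNEL entries that leave a cipher, hash or protocol switched on even though the page disables it elsewhere (step 1 for TLS 1.0/1.1, the fallback listing for RC4, MD5 and SSL 3.0). The function names and the set of keys treated as weak are assumptions made for this example; the sample input is constructed from keys in the first listing.

```powershell
# Added example (not from the original page): flag SCHANNEL .reg entries that
# leave an item enabled which the page elsewhere disables.
function Get-SchannelRegSetting {
    param([Parameter(Mandatory)][string]$RegText)
    $key = $null
    foreach ($raw in $RegText -split "`r?`n") {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') { $key = $Matches[1]; continue }
        if ($key -and $line -match '^"([^"]+)"=dword:([0-9a-f]{8})$') {
            [pscustomobject]@{
                Key   = $key
                Name  = $Matches[1]
                Value = [Convert]::ToUInt32($Matches[2], 16)
            }
        }
    }
}

function Find-WeakSchannelSetting {
    param([Parameter(Mandatory)][string]$RegText)
    # Assumption: "weak" = what step 1 and the fallback listing turn off.
    $weakKey = @(
        '\\Ciphers\\(DES|NULL|RC2|RC4)\b'
        '\\Hashes\\MD5$'
        '\\Protocols\\(Multi-Protocol Unified Hello|PCT 1\.0|SSL [23]\.0|TLS 1\.[01])\\'
    ) -join '|'
    Get-SchannelRegSetting -RegText $RegText | Where-Object {
        $_.Key -match $weakKey -and (
            ($_.Name -eq 'Enabled' -and $_.Value -ne 0) -or
            ($_.Name -eq 'DisabledByDefault' -and $_.Value -eq 0)
        )
    }
}

# Constructed sample: five keys copied from the first .reg listing on this page.
$sample = @'
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256]
"Enabled"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5]
"Enabled"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
'@

Find-WeakSchannelSetting -RegText $sample |
    Select-Object @{n = 'Item'; e = { $_.Key -replace '^.*\\SCHANNEL\\' }}, Name,
                  @{n = 'Hex'; e = { '{0:x8}' -f $_.Value }}
```

Passing `(Get-Content file.reg -Raw)` as `-RegText` runs the same check on a saved file before it is imported.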

4) Manually editing the registry

1>: Locate Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

After the backup is complete, make the changes:
1> To disable a protocol, create a new key under the Protocols key whose name matches the protocol to be disabled:

Under the target protocol's key, create two keys, Client and Server, and create two DWORD (32-bit) values, DisabledByDefault and Enabled:
"Enabled"=dword:00000000

"DisabledByDefault"=dword:00000001 (disables the protocol)