
HTTPS application

Published April 5, 2023 (author: 网卡驱动程序)

A few simple steps to make a website support HTTPS: configuring HTTPS on Windows IIS

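Certificate types

SSL certificates do not come in "qualities" or "grades"; there are only three different types.

An SSL certificate has to be requested from an internationally recognized certificate authority (CA).

CAs issue three types of certificate:

Domain-validated SSL certificate (DV SSL): ordinary trust level; only the authenticity of the website has to be verified before the certificate is issued to protect the site;

Organization-validated SSL certificate (OV SSL): strong trust level; the identity of the company must be verified, the review is strict, and security is higher;

Extended-validation SSL certificate (EV SSL): highest trust level, generally used by banks, securities firms and other financial institutions; the review is strict, security is highest, and it can also activate the green address bar.

A DV certificate is all we need here; generally, the free SSL certificates we can obtain are DV certificates.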

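2. Applying for a free certificate

2.1 The trouble caused by self-signing

A CA certificate can only be trusted if it was issued by a trusted authority. A self-signed certificate is one you sign yourself, without a third-party CA issuing it. Browsers ship with a default set of trusted CAs, all of which have passed the international WebTrust audit.

If your CA certificate was not issued by one of the trusted CAs that browsers include by default, you end up with a joke like 12306.

2.2 Applying for a free DV certificate

Let's Encrypt is a free public SSL project from abroad, hosted by the Linux Foundation and initiated by organizations including Mozilla, Cisco, Akamai, IdenTrust and EFF. Reliable!

To apply for a free certificate you can refer to this article; its tools and steps are very complete, so I won't repeat them here.

Once the certificate has been issued, the IIS configuration is just a matter of creating a new website; nothing else needs to be configured. Do not delete the old website. If you want to force HTTPS access, you can search for other articles; I won't go into that here.

Website security verification

HTTPS is now reachable, but is HTTPS necessarily secure? We can use the following website to check the site's security further; it mainly tests the security of the HTTPS setup.

The first test may come back as an F, as mine did. This is because the operating system's default settings include many insecure ones, which we have to change by hand.

Read the notes below carefully: TLS 1.2 is not enabled, RC4 is obsolete, Forward Secrecy is poorly supported, and so on.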

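4. Repeated changes in pursuit of an A+

The large blocks of strikethrough text here are an afternoon of my hard work. Even though I eventually found a PowerShell script that does all of the above in one go, and you don't have to read them, please respect my labor.

4.1 Disable SSL 2.0 and SSL 3.0

Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols, then right-click -> New -> Key and create SSL 2.0 and SSL 3.0.

Note that there is a space in the middle of "SSL 2.0" and "SSL 3.0".

Right-click SSL 2.0 and SSL 3.0 in turn -> New -> Key, and create Server and Client under each.

In each new Server and Client key, create the following values (DWORD (32-bit) Value):

DisabledByDefault value 1

Enabled value 0

Eight values in total.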

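4.2 Enable TLS 1.0, 1.1 and 1.2

Still under the same key as before, create three keys: TLS 1.0, TLS 1.1 and TLS 1.2.

Then create Client and Server under each of them.

Then, as before, create the following values (DWORD (32-bit) Value) in each of them:

DisabledByDefault value 0

Enabled value 1

The screenshots all look the same, so I won't repeat them.

After completing the steps above, restart the server to see the effect.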

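4.3 Disable RC4

The steps here are more complicated, but much the same as above: it is just a matter of creating keys in the registry and setting values.

At this point, however, I found that the PowerShell script in the last step does all of this. So let's skip the remaining steps.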
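To confirm after the reboot that the registry values from 4.1 to 4.3 are actually in place, the state can be read back. The following read-only check is an added example, not part of the original post or of the script in 4.7; it assumes PowerShell 3.0 or later, and the function name Get-SchannelState is hypothetical.

```powershell
# Added example: read-only audit of the SCHANNEL values from sections 4.1-4.3.
$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Target state taken from this page: SSL 2.0/3.0 off, TLS 1.0-1.2 on, RC4 off.
$checks = @()
foreach ($role in 'Server', 'Client') {
    foreach ($p in 'SSL 2.0', 'SSL 3.0')            { $checks += ,@("Protocols\$p\$role", $false) }
    foreach ($p in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') { $checks += ,@("Protocols\$p\$role", $true) }
}
foreach ($c in 'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128') {
    $checks += ,@("Ciphers\$c", $false)
}

function Get-SchannelState {
    param([string]$RelativeKey)
    # Use the .NET registry API: cipher key names contain '/', which the
    # PowerShell registry provider would treat as a path separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$schannel\$RelativeKey")
    if ($null -eq $key) { return 'NotConfigured' }      # key absent
    try {
        $enabled = $key.GetValue('Enabled')
        if ($null -eq $enabled) { return 'NotConfigured' }  # value absent
        # Any nonzero value counts as on (the manual steps use 1,
        # the script in 4.7 uses 0xffffffff).
        if ($enabled -ne 0) { return 'Enabled' } else { return 'Disabled' }
    }
    finally { $key.Close() }
}

$report = foreach ($check in $checks) {
    $state = Get-SchannelState -RelativeKey $check[0]
    $want  = if ($check[1]) { 'Enabled' } else { 'Disabled' }
    [pscustomobject]@{
        Key      = $check[0]
        State    = $state
        Expected = $want
        Ok       = ($state -eq $want)
    }
}

$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Ok }) {
    Write-Warning 'Some SCHANNEL keys do not match the settings from sections 4.1-4.3.'
}
```

NotConfigured means the key or its Enabled value is absent, so the operating system default applies rather than the setting from this page.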

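4.5 Modify the SSL configuration settings

I won't say much else. For this SSL configuration I tried many ways of configuring the cipher suites, including copying, one by one, the configurations shown in the reports of other people's A+ sites. Every attempt meant restarting the server and re-running the test, which took a lot of time. In the end the rating finally reached A-, with one Forward Secrecy issue remaining, and then I found a PowerShell script. Working through the problems one step at a time was fine, but in the end I found a script that solves all of the previous problems at once, so I am sharing it here to save everyone from taking the same detours.

4.6 Finally, configure Forward Secrecy

4.7 One-step configuration with a PowerShell script

Original PowerShell script:

To use it: Start -> Run -> type powershell to open a command-line tool similar to the cmd window, then paste the script in and run it.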


```powershell
# Copyright 2016, Alexander Hass
#
# Version 1.7
# - ...-CimInstance requires Windows 2012 or later.
# Version 1.6
# - OS version detection for cipher suites order.
# Version 1.5
# - Enabled ECDH and more secure hash functions and reordered cipher list.
# - Added Client setting for all ciphers.
# Version 1.4
# - RC4 has been disabled.
# Version 1.3
# - MD5 has been disabled.
# Version 1.2
# - Re-factored code style and output
# Version 1.1
# - SSLv3 has been disabled. (Poodle attack protection)

Write-Host 'Configuring IIS with SSL/TLS Deployment Best Practices...'
Write-Host '--------------------------------------------------------------------------------'

# Disable Multi-Protocol Unified Hello
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Client' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'Multi-Protocol Unified Hello has been disabled.'

# Disable PCT 1.0
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'PCT 1.0 has been disabled.'

# Disable SSL 2.0 (PCI Compliance)
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'SSL 2.0 has been disabled.'

# NOTE: If you disable SSL 3.0 then you may lock out some people still using
# Windows XP with IE6/...t SSL 3.0 enabled, there is no protocol available
# ...hopping certifications may require that you disable SSLv3.
#
# Disable SSL 3.0 (PCI Compliance) and enable "Poodle" protection
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'SSL 3.0 has been disabled.'

# Add and Enable TLS 1.0 for client and server SCHANNEL communications
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'TLS 1.0 has been enabled.'

# Add and Enable TLS 1.1 for client and server SCHANNEL communications
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'TLS 1.1 has been enabled.'

# Add and Enable TLS 1.2 for client and server SCHANNEL communications
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'TLS 1.2 has been enabled.'

# Re-create the ciphers key.
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers' -Force | Out-Null

# Disable insecure/weak ciphers.
$insecureCiphers = @(
  'DES 56/56',
  'NULL',
  'RC2 128/128',
  'RC2 40/128',
  'RC2 56/128',
  'RC4 40/128',
  'RC4 56/128',
  'RC4 64/128',
  'RC4 128/128'
)
Foreach ($insecureCipher in $insecureCiphers) {
  $key = (Get-Item HKLM:\).OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true).CreateSubKey($insecureCipher)
  $key.SetValue('Enabled', 0, 'DWord')
  $key.close()
  Write-Host "Weak cipher $insecureCipher has been disabled."
}

# Enable new secure ciphers.
# - RC4: It is recommended to disable RC4, but you may lock out
#   WinXP/... a requirement for FIPS 140-2.
# - 3DES: ... the last cipher supported by Windows XP.
# - Windows Vista and before 'Triple DES 168' was named 'Triple DES 168/168' per ...
$secureCiphers = @(
  'AES 128/128',
  'AES 256/256',
  'Triple DES 168'
)
Foreach ($secureCipher in $secureCiphers) {
  $key = (Get-Item HKLM:\).OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true).CreateSubKey($secureCipher)
  New-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\$secureCipher" -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
  $key.close()
  Write-Host "Strong cipher $secureCipher has been enabled."
}

# Set hashes configuration.
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null

$secureHashes = @(
  'SHA',
  'SHA256',
  'SHA384',
  'SHA512'
)
Foreach ($secureHash in $secureHashes) {
  $key = (Get-Item HKLM:\).OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes', $true).CreateSubKey($secureHash)
  New-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\$secureHash" -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
  $key.close()
  Write-Host "Hash $secureHash has been enabled."
}

# Set KeyExchangeAlgorithms configuration.
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms' -Force | Out-Null
$secureKeyExchangeAlgorithms = @(
  'Diffie-Hellman',
  'ECDH',
  'PKCS'
)
Foreach ($secureKeyExchangeAlgorithm in $secureKeyExchangeAlgorithms) {
  $key = (Get-Item HKLM:\).OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms', $true).CreateSubKey($secureKeyExchangeAlgorithm)
  New-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\$secureKeyExchangeAlgorithm" -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
  $key.close()
  Write-Host "KeyExchangeAlgorithm $secureKeyExchangeAlgorithm has been enabled."
}

# Set cipher suites order as secure as possible (Enables Perfect Forward Secrecy).
$os = Get-WmiObject -class Win32_OperatingSystem
if ([System.Version]$os.Version -lt [System.Version]'10.0') {
  Write-Host 'Use cipher suites order for Windows 2008R2/2012/2012R2.'
  $cipherSuitesOrder = @(
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521',
    'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384',
    'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521',
    'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384',
    'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256',
    'TLS_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_AES_256_CBC_SHA256',
    'TLS_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_RSA_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_AES_128_CBC_SHA',
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
  )
}
else {
  Write-Host 'Use cipher suites order for Windows 10/2016 and later.'
  $cipherSuitesOrder = @(
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
    'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
    'TLS_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_AES_256_CBC_SHA256',
    'TLS_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_RSA_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_AES_128_CBC_SHA',
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
  )
}
$cipherSuitesAsString = [string]::join(',', $cipherSuitesOrder)

# One user reported this key does not exist on Windows 2012R2.
# Cannot repro myself on a brand new Windows 2012R2 core machine.
# Adding this just to be safe.
New-Item 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' -ErrorAction SilentlyContinue
New-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' -name 'Functions' -value $cipherSuitesAsString -PropertyType 'String' -Force | Out-Null

Write-Host -ForegroundColor Red 'Restart computer now?'
Restart-Computer -Force -Confirm
```

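4.8 Finally rated A

As for what else it takes to reach A+, I don't know how to go any further. An afternoon of work was in the end all handled by a single script. I am sharing it so that others don't take the same detours, and I hope everyone can get an A+.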
