Protecting Azure WebApp against BEAST attack

I just installed an SSL certificate on my Azure Web App. I have checked that the installation is correct using the Symantec SSL checker tool available here.

In the results I can see:

BEAST This server is vulnerable to a BEAST attack. Make sure you have the TLSv1.2 protocol enabled on your server. Disable the RC4, MD5, and DES algorithms. Contact your web server vendor for assistance.

How do I do this in the Azure portal?

Update: I also checked this using this website. It also confirms that the vulnerability is not mitigated on the server side.

BEAST is a client-side vulnerability. Yes, TLS 1.0 is outdated and badly aged, but in a multi-tenant service it still makes sense to keep it around. You want to break the fewest people, and yes, people still negotiate TLS 1.0 more than you would believe.

That said, if you are ready to terminate TLS 1.0 for your deployment, just host it in an App Service Environment.

Disable TLS 1.0

A recurring question from customers, especially customers who are dealing with PCI compliance audits, is how to explicitly disable TLS 1.0 for their apps.

TLS 1.0 can be disabled through the following clusterSettings entry:

"clusterSettings": [
    {
        "name": "DisableTls1.0",
        "value": "1"
    }
],
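An added verification step, not part of the question or answer above: a small Python probe that reports which protocol versions the site still negotiates, so the checker's TLS 1.0 finding can be confirmed or closed after the clusterSettings change is applied. The hostname is a placeholder, and a per-version result is only meaningful when the local OpenSSL build can still offer that version itself.

```python
import socket
import ssl
# Placeholder hostname (assumption): replace with the app's own domain before running.
TARGET_HOST = "example.azurewebsites.net"
VERSIONS = {
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
}

def handshake_with(host, version, port=443, timeout=5.0):
    """Handshake pinned to exactly one protocol version: True if the server
    accepted it, False if it refused, None if this OpenSSL cannot offer it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # probing protocol support, not the certificate
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except ValueError:
        return None
    try:
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # let the client offer legacy suites too
    except ssl.SSLError:
        pass  # cipher string not understood by this build; keep defaults
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() is not None
    except (ssl.SSLError, OSError):
        return False

def assess(support):
    """Turn probe results into finding codes matching the checker's verdict.
    An empty list means TLS 1.0/1.1 are refused and TLS 1.2 is accepted."""
    findings = []
    if support.get("TLS 1.0"):
        findings.append("tls10-negotiable")  # the BEAST finding: DisableTls1.0 not in effect
    if support.get("TLS 1.1"):
        findings.append("tls11-negotiable")  # usually retired together with 1.0
    if not support.get("TLS 1.2"):
        findings.append("tls12-missing")  # the checker also requires TLS 1.2
    return findings

if __name__ == "__main__":
    results = {name: handshake_with(TARGET_HOST, ver) for name, ver in VERSIONS.items()}
    for name, ok in results.items():
        print(f"{name}: {'accepted' if ok else 'untestable' if ok is None else 'refused'}")
    print("findings:", assess(results) or "none")
```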