Authorize.net TLS 禁用通知 nodejs
Authorize.net TLS Disablement Notice nodejs
几天前,我收到了 Authorize.net 的通知,要禁用 TLS 1.0 和 TLS 1.1
我正在使用 nodejs,这是我在 app.js 中禁用 TLS1.0 和 TLS 1.1 的代码
var sslOptions = {
key: fs.readFileSync('/etc/ssl/private/private.key'),
cert: fs.readFileSync('/etc/ssl/certs/STAR_crt.com.crt'),
secureProtocol: 'SSLv23_server_method',
secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1,
ca: [
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_1.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_2.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_3.crt')
],
ciphers:[
"ECDHE-RSA-AES256-SHA384",
"DHE-RSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA256",
"DHE-RSA-AES256-SHA256",
"ECDHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA256",
"HIGH",
"!aNULL",
"!eNULL",
"!EXPORT",
"!DES",
"!RC4",
"!MD5",
"!PSK",
"!SRP",
"!CAMELLIA",
"!3DES"
].join(':'),
//ca: fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot.crt'),
requestCert: false,
rejectUnauthorized: false
};
但我好像漏掉了什么。我在 30 小时后进行了 SSL 实验室测试,得到了以下结果:-
知道我需要做什么吗?
谢谢
公告是Authorize.Net将于2018年2月停止支持TLS 1.1和1.0,届时您需要确保您的系统可以建立TLS 1.2连接。您可以通过连接到仅支持 TLS 1.2 的沙箱进行测试。
尝试将 SSLv23_server_method
更改为 TLSv1_2_server_method
var sslOptions = {
key: fs.readFileSync('/etc/ssl/private/private.key'),
cert: fs.readFileSync('/etc/ssl/certs/STAR_crt.com.crt'),
secureProtocol: 'TLSv1_2_server_method',
secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1,
ca: [
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_1.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_2.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_3.crt')
],
ciphers:[
"ECDHE-RSA-AES256-SHA384",
"DHE-RSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA256",
"DHE-RSA-AES256-SHA256",
"ECDHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA256",
"HIGH",
"!aNULL",
"!eNULL",
"!EXPORT",
"!DES",
"!RC4",
"!MD5",
"!PSK",
"!SRP",
"!CAMELLIA",
"!3DES"
].join(':'),
//ca: fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot.crt'),
requestCert: false,
rejectUnauthorized: false
};
几天前,我收到了 Authorize.net 的通知,要禁用 TLS 1.0 和 TLS 1.1
我正在使用 nodejs,这是我在 app.js 中禁用 TLS1.0 和 TLS 1.1 的代码
var sslOptions = {
key: fs.readFileSync('/etc/ssl/private/private.key'),
cert: fs.readFileSync('/etc/ssl/certs/STAR_crt.com.crt'),
secureProtocol: 'SSLv23_server_method',
secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1,
ca: [
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_1.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_2.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_3.crt')
],
ciphers:[
"ECDHE-RSA-AES256-SHA384",
"DHE-RSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA256",
"DHE-RSA-AES256-SHA256",
"ECDHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA256",
"HIGH",
"!aNULL",
"!eNULL",
"!EXPORT",
"!DES",
"!RC4",
"!MD5",
"!PSK",
"!SRP",
"!CAMELLIA",
"!3DES"
].join(':'),
//ca: fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot.crt'),
requestCert: false,
rejectUnauthorized: false
};
但我好像漏掉了什么。我在 30 小时后进行了 SSL 实验室测试,得到了以下结果:-
知道我需要做什么吗?
谢谢
公告是Authorize.Net将于2018年2月停止支持TLS 1.1和1.0,届时您需要确保您的系统可以建立TLS 1.2连接。您可以通过连接到仅支持 TLS 1.2 的沙箱进行测试。
尝试将 SSLv23_server_method
更改为 TLSv1_2_server_method
var sslOptions = {
key: fs.readFileSync('/etc/ssl/private/private.key'),
cert: fs.readFileSync('/etc/ssl/certs/STAR_crt.com.crt'),
secureProtocol: 'TLSv1_2_server_method',
secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1,
ca: [
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_1.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_2.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_3.crt')
],
ciphers:[
"ECDHE-RSA-AES256-SHA384",
"DHE-RSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA256",
"DHE-RSA-AES256-SHA256",
"ECDHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA256",
"HIGH",
"!aNULL",
"!eNULL",
"!EXPORT",
"!DES",
"!RC4",
"!MD5",
"!PSK",
"!SRP",
"!CAMELLIA",
"!3DES"
].join(':'),
//ca: fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot.crt'),
requestCert: false,
rejectUnauthorized: false
};