几天前,我收到了来自 Authorize.net 的通知,要求禁用 TLS 1.0 和 TLS 1.1
我正在使用 nodejs,这是我在 app.js 中禁用 TLS1.0 和 TLS 1.1 的代码
var sslOptions = {
key: fs.readFileSync('/etc/ssl/private/private.key'),
cert: fs.readFileSync('/etc/ssl/certs/STAR_crt.com.crt'),
secureProtocol: 'SSLv23_server_method',
secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1,
ca: [
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_1.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_2.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_3.crt')
],
ciphers:[
"ECDHE-RSA-AES256-SHA384",
"DHE-RSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA256",
"DHE-RSA-AES256-SHA256",
"ECDHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA256",
"HIGH",
"!aNULL",
"!eNULL",
"!EXPORT",
"!DES",
"!RC4",
"!MD5",
"!PSK",
"!SRP",
"!CAMELLIA",
"!3DES"
].join(':'),
//ca: fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot.crt'),
requestCert: false,
rejectUnauthorized: false
};
但是我好像漏掉了什么。我在 30 小时后进行了 SSL 实验室测试,得到了以下结果:-
知道我需要做什么吗?
谢谢
最佳答案
尝试将 SSLv23_server_method 更改为 TLSv1_2_server_method
var sslOptions = {
key: fs.readFileSync('/etc/ssl/private/private.key'),
cert: fs.readFileSync('/etc/ssl/certs/STAR_crt.com.crt'),
secureProtocol: 'TLSv1_2_server_method',
secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1,
ca: [
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_1.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_2.crt'),
fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_3.crt')
],
ciphers:[
"ECDHE-RSA-AES256-SHA384",
"DHE-RSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA256",
"DHE-RSA-AES256-SHA256",
"ECDHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA256",
"HIGH",
"!aNULL",
"!eNULL",
"!EXPORT",
"!DES",
"!RC4",
"!MD5",
"!PSK",
"!SRP",
"!CAMELLIA",
"!3DES"
].join(':'),
//ca: fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot.crt'),
requestCert: false,
rejectUnauthorized: false
};
关于node.js - Authorize.net TLS 禁用通知 nodejs,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45476651/