我们在 Jboss 7AS 中面临 POODLE 漏洞,我能够为同一问题提供修复程序。
通过将 protocol="TLSv1,TLSv1.1,TLSv1.2"
属性添加到 standalone.xml
中的 ssl
标记。
现在我不知道如何测试它。有人可以告诉我测试方法吗?
最佳答案
尝试 nmap Poodle 检测器
https://nmap.org/nsedoc/scripts/ssl-poodle.html
摘自摘要
Checks whether SSLv3 CBC ciphers are allowed (POODLE)
Run with -sV to use Nmap's service scan to detect SSL/TLS on non-standard ports. Otherwise, ssl-poodle will only run on ports that are commonly used for SSL.
POODLE is CVE-2014-3566. All implementations of SSLv3 that accept CBC ciphersuites are vulnerable. For speed of detection, this script will stop after the first CBC ciphersuite is discovered. If you want to enumerate all CBC ciphersuites, you can use Nmap's own ssl-enum-ciphers to do a full audit of your TLS ciphersuites.
关于java - 如何测试 Jboss 7AS 的 POODLE 漏洞,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31021963/