正在加载中...
Windows2008/2012服务器开发微信小程序和苹果ATS怎样关闭SSL2和SSL3开启TLS1.1和TLS1.2?
众所周知,开发微信小程序,需要同时满足微信和IOS平台ATS合规验证,也就是需要关闭SSL2,关闭SSL3和开启TLS1.1和TLS1.2,同时关闭RC4加密套间等,以屏蔽旧的安全通道和落伍的、不安全的加密算法。这里分享的是windows2008/2012操作系统服务器关闭SSL2和开启TLS1.2的方法。
Some industries, like Government, require the use of certain cryptography algorithms. One of the great features of Windows Server 2008 R2 and Windows 7 is the support for TLS 1.2 ciphers. TLS 1.2 ciphers support AES-256 encryption with SHA-256 hashes. Unfortunately, Microsoft did not enable these protocols out of the box. I wanted IIS 7.5 to negotiate TLS 1.2 connections with my Windows 7 clients. After some registry hacking I was successful, as shown by a Wireshark trace.
解决方法:通过修改注册表,将安全通道的协议中的SSL2、SSL3项关闭,将TLS1.1、TLS1.2开启。
通过修改组策略gpedit,修改密码套间的顺序,将AES256和SHA256的顺序提前。
万维景盛工程师提供专业的微信小程序和IOS苹果应用SSL数字证书申请和部署服务,您如果不会部署可以委托我司为您部署。