如何禁用中等强度 SSL 密码 SSL / TLS 服务配置文件
161089
Created On 02/14/19 23:10 PM - Last Modified 03/31/23 18:40 PM
Objective
- 禁用介质 SSL 密码,如3DES
Environment
- PAN-OS 8.1 或更高
- 正在通过安全扫描(内苏斯)测试的网络
- 全球保护门户页面
Procedure
您可以通过在配置 CLI SSL SSL TLS 模式下运行下面的命令,从已配置的"/服务配置文件"中禁用密码。
#设置共享的ssl-tls-服务-配置文件<Name>设置<tab>
示例。</tab> </Name>
admin@192.168.1.1> configure Entering configuration mode [edit] admin@192.168.1.1# set shared ssl-tls-service-profile (tab to view available "SSL/TLS Service Profiles") TLSprofileTest TLSprofileTest <value> Profile name admin@192.168.1.1# set shared ssl-tls-service-profile TLSprofileTest protocol-settings (tab to view options) + auth-algo-sha1 Allow authentication SHA1 + auth-algo-sha256 Allow authentication SHA256 + auth-algo-sha384 Allow authentication SHA384 + enc-algo-3des Allow algorithm 3DES + enc-algo-aes-128-cbc Allow algorithm AES-128-CBC + enc-algo-aes-128-gcm Allow algorithm AES-128-GCM + enc-algo-aes-256-cbc Allow algorithm AES-256-CBC + enc-algo-aes-256-gcm Allow algorithm AES-256-GCM + enc-algo-rc4 Allow algorithm RC4 + keyxchg-algo-dhe Allow algorithm DHE + keyxchg-algo-ecdhe Allow algorithm ECDHE + keyxchg-algo-rsa Allow algorithm RSA + max-version max-version + min-version min-version <Enter> Finish input admin@192.168.1.1# set shared ssl-tls-service-profile TLSprofileTest protocol-settings enc-algo-3des (tab to view options) no no yes yes admin@192.168.1.1# set shared ssl-tls-service-profile TLSprofileTest protocol-settings enc-algo-3des no [edit] admin@192.168.1.1#