如何禁用中等强度 SSL 密码 SSL / TLS 服务配置文件

如何禁用中等强度 SSL 密码 SSL / TLS 服务配置文件

161089
Created On 02/14/19 23:10 PM - Last Modified 03/31/23 18:40 PM


Objective


  • 禁用介质 SSL 密码,如3DES

Environment


  • PAN-OS 8.1 或更高
  • 正在通过安全扫描(内苏斯)测试的网络
  • 全球保护门户页面

Procedure


您可以通过在配置 CLI SSL SSL TLS 模式下运行下面的命令,从已配置的"/服务配置文件"中禁用密码。 

#设置共享的ssl-tls-服务-配置文件<Name>设置<tab>

示例。</tab> </Name>
admin@192.168.1.1> configure
Entering configuration mode
[edit]

admin@192.168.1.1# set shared ssl-tls-service-profile    (tab to view available "SSL/TLS Service Profiles")
  TLSprofileTest   TLSprofileTest
  <value>          Profile name

admin@192.168.1.1# set shared ssl-tls-service-profile TLSprofileTest protocol-settings       (tab to view options)
+ auth-algo-sha1         Allow authentication SHA1
+ auth-algo-sha256       Allow authentication SHA256
+ auth-algo-sha384       Allow authentication SHA384
+ enc-algo-3des          Allow algorithm 3DES
+ enc-algo-aes-128-cbc   Allow algorithm AES-128-CBC
+ enc-algo-aes-128-gcm   Allow algorithm AES-128-GCM
+ enc-algo-aes-256-cbc   Allow algorithm AES-256-CBC
+ enc-algo-aes-256-gcm   Allow algorithm AES-256-GCM
+ enc-algo-rc4           Allow algorithm RC4
+ keyxchg-algo-dhe       Allow algorithm DHE
+ keyxchg-algo-ecdhe     Allow algorithm ECDHE
+ keyxchg-algo-rsa       Allow algorithm RSA
+ max-version            max-version
+ min-version            min-version
  <Enter>                Finish input

admin@192.168.1.1# set shared ssl-tls-service-profile TLSprofileTest protocol-settings enc-algo-3des     (tab to view options)
  no    no
  yes   yes

admin@192.168.1.1# set shared ssl-tls-service-profile TLSprofileTest protocol-settings enc-algo-3des no

[edit]
admin@192.168.1.1#

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmqeCAC&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language