如何从Windows 2012 R2上运行的node.js https服务器上删除RC4密码
使用ssllabs.com的扫描告诉我RC4正在使用中。 我读了在Windows 2012 R2中应默认禁用RC4。 我使用https.createServer运行node.js服务器,而不是指定密码(默认情况下) ssllabs.com说: This server accepts the RC4 cipher, which is weak TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) WEAK 我按照这些说明禁用了registry中的RC4: http : //windowsitpro.com/windows/disabling-rc4-cipher 我也尝试在节点createHttpsServer中指定密码,如下所示: ciphers: [ "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-SHA384", "DHE-RSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA256", "HIGH", "!aNULL", "!eNULL", "!EXPORT", "!DES", "!RC4", "!MD5", "!PSK", "!SRP", "!CAMELLIA" ].join(':'), honorCipherOrder: true 仍然得到相同的消息,说RC4正在使用,我的成绩从B下降到C,所以设置node.js密码列表确实有影响。 单击“最佳做法”选项后,使用IIS Crypto禁用RC4密码导致我的ssllabs扫描结果没有差异。 […]