.3 = ECDHE-ECDSA-AES256-SHA384 ssl_options.ciphers.4 = ECDHE-RSA-AES256-SHA384 ssl_options.ciphers.5 = ECDHE-ECDSA-DES-CBC3-SHA ssl_options.ciphers.6 = ECDH-ECDSA-AES256-GCM-SHA384 ssl_options.ciphers.7 ssl_options.ciphers.20 = ECDH-ECDSA-AES128-SHA256 ssl_options.ciphers.21 = ECDH-RSA-AES128-SHA256 ssl_options.ciphers -SHA ssl_options.ciphers.27 = ECDHE-RSA-AES256-SHA ssl_options.ciphers.28 = DHE-DSS-AES256-SHA ssl_options.ciphers -SHA ssl_options.ciphers.32 = ECDHE-ECDSA-AES128-SHA ssl_options.ciphers.33 = ECDHE-RSA-AES128-SHA ssl_options.ciphers
import HTTPAdapter from requests.packages.urllib3.util.ssl_ import create_urllib3_context ORIGIN_CIPHERS """ A TransportAdapter that re-enables 3DES support in Requests. """ CIPHERS = ORIGIN_CIPHERS.split(':') random.shuffle(CIPHERS) CIPHERS = ':'.join(CIPHERS) self.CIPHERS = CIPHERS + ':! (*args, **kwargs) A common symptom: scrapy cannot fetch a site that plain requests can, presumably because the target fingerprints the client TLS handshake (the offered cipher list is one input to the JA3 hash) and the two clients present different cipher lists. The fix is to set the cipher string in scrapy's settings file; whatever string you use, keep the `!aNULL:!MD5`-style exclusions shown elsewhere on this page, because the override also governs what your own client will accept: DOWNLOADER_CLIENT_TLS_CIPHERS = 'DH
.3 = ECDHE-ECDSA-AES256-SHA384 ssl_options.ciphers.4 = ECDHE-RSA-AES256-SHA384 ssl_options.ciphers.5 = DHE-RSA-AES256-GCM-SHA384 ssl_options.ciphers.10 = DHE-DSS-AES256-GCM-SHA384 ssl_options.ciphers.11 ssl_options.ciphers.20 = ECDH-RSA-AES128-SHA256 ssl_options.ciphers.21 = DHE-RSA-AES128-GCM-SHA256 ssl_options.ciphers -SHA ssl_options.ciphers.27 = DHE-RSA-AES256-SHA ssl_options.ciphers.28 = DHE-DSS-AES256-SHA ssl_options.ciphers -SHA ssl_options.ciphers.32 = ECDHE-RSA-AES128-SHA ssl_options.ciphers.33 = DHE-RSA-AES128-SHA ssl_options.ciphers
""" A TransportAdapter that re-enables 3DES support in Requests. """ CIPHERS = ORIGIN_CIPHERS.split(':') random.shuffle(CIPHERS) CIPHERS = ':'.join(CIPHERS) self.CIPHERS = CIPHERS + ':! =self.CIPHERS) kwargs['ssl_context'] = context return super(DESAdapter, self).init_poolmanager kwargs) def proxy_manager_for(self, *args, **kwargs): context = create_urllib3_context(ciphers
Defeating JA3 fingerprinting comes down to changing the SSLContext's cipher list: the offered cipher suites (and their order) feed into the fingerprint, so shuffling them per connection yields a different hash each time. In k's (k大) article the list is changed through urllib3's create_urllib3_context. Two caveats: a randomized suite order is itself unusual and can be flagged by stricter fingerprinting, and the exclusion suffix appended after the shuffle (the `:!...MD5` tail below) must stay in place, otherwise the override can re-admit suites the default list deliberately rejects. (ciphers or DEFAULT_CIPHERS) # Setting the default here, as we may have no ssl module on import = ORIGIN_CIPHERS.split(":") def __call__(self) -> ssl.SSLContext: random.shuffle(self.ciphers ) ciphers = ":".join(self.ciphers) ciphers = ciphers + ":! MD5" context = ssl.create_default_context() context.set_ciphers(ciphers) return
The scan results no longer report RC4-related findings. RC4 is used not only by remote-access services but also very commonly by web servers, so the usual web-server fixes are collected below. nginx: in the `ssl_ciphers` directive, append `!RC4` to the cipher string (the `!` prefix removes RC4 permanently, whereas `-RC4` could be re-added later in the same string) and reload nginx. Apache (that section itself is missing from this extract): the same `!RC4` goes into `SSLCipherSuite`, then restart the Apache service. Tomcat: in server.xml, append `!` exclusions to the `ciphers` attribute of the SSL connector (the original text is cut off here); the list there also disables some other suites that are already known to be insecure. Windows (SCHANNEL): the registry entries below disable a cipher by setting Enabled to 0, but the cipher subkey name (which RC4 key size, typically `RC4 128/128` and its siblings) and the closing bracket were lost in extraction, so verify the exact key path before importing. After any of these changes, re-scan to confirm RC4 is no longer offered (the RC4 checks on this page are CVE-2013-2566 / CVE-2015-2808). [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers
dhparam.pem $ openssl dhparam -out dhparam.pem 4096 configured in nginx with ssl_dhparam /etc/ssl/certs/dhparam.pem; Protocol and cipher selection: the cipher choice is the critical part. The cipher list in this config works with most browsers but not XP/IE6. Note, however, that it still enables `ssl_protocols TLSv1 TLSv1.1 TLSv1.2` and ends with the 3DES suite `KRB5-DES-CBC3-SHA`; TLS 1.0/1.1 are deprecated and 3DES is a 64-bit-block cipher that current scanners flag (the testssl output on this page rates Triple DES as Medium), so a current deployment should use `ssl_protocols TLSv1.2 TLSv1.3;` and drop the 3DES suite. The DH parameters generated above only matter for the DHE suites. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_stapling on;ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128 ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_stapling on; ssl_ciphers KRB5-DES-CBC3-SHA"; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security
certificate.crt; ssl_certificate_key /etc/nginx/ssl/private.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers MD5; ssl_prefer_server_ciphers on; location / { root /var/www/html; index index.html ssl_ciphers: selects the cipher suites, in OpenSSL cipher-string syntax. The bare `ssl_ciphers MD5;` shown above is almost certainly an extraction artifact of `ssl_ciphers HIGH:!aNULL:!MD5;` (the full form appears elsewhere on this page): `!MD5` excludes the MD5-MAC suites, whereas a literal `MD5` would select only them. ssl_prefer_server_ciphers: with `on`, the server's preference order wins over the client's during negotiation. 5.
ff11sf.com.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers MD5; ssl_prefer_server_ciphers on; location / { root html; index MD5; ssl_prefer_server_ciphers on; location / { root F:\wordpressRun\zanglikun MD5; ssl_prefer_server_ciphers on; location / { root F:/wordpressRun/yanxinrui MD5; ssl_prefer_server_ciphers on; location / { root F:/wordpressRun/zangwenshan
from requests.packages.urllib3.util.ssl_ import create_urllib3_context CIPHERS def init_poolmanager(self, *args, **kwargs): context = create_urllib3_context(ciphers =CIPHERS) kwargs['ssl_context'] = context return super proxy_manager_for(self, *args, **kwargs): context = create_urllib3_context(ciphers =CIPHERS) kwargs['ssl_context'] = context return super
That is, change `cipher AES-128-CBC` to `data-ciphers AES-128-CBC`. The following is taken from Reddit. Caveat: --data-ciphers is the list of ciphers the client will accept, so adding a CBC cipher to it keeps the deprecated --cipher working but also allows the connection to negotiate it instead of the AES-GCM suites. For the BF-CBC case in the last message, adding a 64-bit-block cipher to --data-ciphers re-enables it rather than retiring it; the better fix is to move the server to AES-GCM, using --data-ciphers-fallback only as a stop-gap. DEPRECATED OPTION: --cipher set to ‘aes-128-cbc’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Add ‘aes-128-cbc’ to --data-ciphers or change --cipher ‘aes-128-cbc’ to --data-ciphers-fallback ‘aes-128 Add the server’s cipher (‘BF-CBC’) to --data-ciphers (currently ‘AES-256-GCM:AES-128-GCM:AES-128-CBC’)
ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers RC4; ssl_prefer_server_ciphers on; access_log /etc/nginx/logs/b.yuming.cn.access.log; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers RC4; ssl_prefer_server_ciphers on; access_log /etc/nginx/logs/a.yuming.cn.access.log; RC4; ssl_prefer_server_ciphers on; access_log /etc/nginx/logs/b.yuming.cn.access.log;
etc/nginx/cert/psvmc.pem; ssl_certificate_key /etc/nginx/cert/psvmc.key; ssl_session_timeout 5m; ssl_ciphers RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; Once configured it looks roughly like this. Caution: `ssl_ciphers RC4;` as written restricts the server to RC4 suites, which are broken (see the RC4 CVE-2013-2566 / CVE-2015-2808 checks elsewhere on this page); if the original was an exclusion list ending in `:!RC4` that lost its prefix in extraction, the intent was the opposite. Check the real config, and in any case use something like `ssl_ciphers HIGH:!aNULL:!MD5:!RC4;` with `ssl_protocols TLSv1.2 TLSv1.3;` rather than TLSv1/TLSv1.1. upstream test_psvmc psvmc.pem; ssl_certificate_key /etc/nginx/cert/psvmc.key; ssl_session_timeout 5m; ssl_ciphers RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / {
server.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers DEFAULT; # This is default SSL_ciphers setting,if you get error,you can change it like me,set DEFAULT #ssl_ciphers PROFILE=SYSTEM; ssl_prefer_server_ciphers on; # Load : error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match) Solution: change the default `ssl_ciphers PROFILE=SYSTEM;` in the nginx config to `ssl_ciphers DEFAULT;` and restart nginx. Why it fails: `PROFILE=SYSTEM` is only understood by OpenSSL builds that honor a system-wide crypto policy (typically distribution-patched ones); any other build rejects it with `no cipher match`. `DEFAULT` makes nginx start, but the system policy then no longer applies — it is OpenSSL's own built-in list — so review what it expands to with `openssl ciphers -v DEFAULT` and still pin `ssl_protocols TLSv1.2 TLSv1.3;`.
hbswhsxy.cn.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; # cipher suites (Chinese national-standard SM2/SM4/SM3 suites; the commented-out `ssl_ciphers MD5;` that follows looks like an extraction artifact of a `HIGH:!aNULL:!MD5` list, the trailing `PKS` after the suite list cannot be part of the directive because ssl_ciphers takes a single argument, and `TLSv1 TLSv1.1` should be removed from ssl_protocols) # ssl_ciphers MD5; ssl_ciphers ECC-SM2-SM4-CBC-SM3:ECC-SM2-SM4-GCM-SM3:ECDHE-SM2-SM4-CBC-SM3:ECDHE-SM2-SM4-GCM-SM3 PKS; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; location MD5; ssl_ciphers ECC-SM2-SM4-CBC-SM3:ECC-SM2-SM4-GCM-SM3:ECDHE-SM2-SM4-CBC-SM3:ECDHE-SM2-SM4-GCM-SM3 PKS; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; location
To let Wireshark decrypt captured traffic, ssl_ciphers can be switched to `RSA` (static RSA key exchange, so the server's private key alone decrypts the session). Do this only in a debugging environment: RSA key exchange has no forward secrecy, so anyone who later obtains the key can decrypt every recorded session, and leaving `ssl_ciphers RSA;` in production is a real downgrade. For routine debugging, prefer logging session secrets on the client side (SSLKEYLOGFILE) so the server configuration stays unchanged. ssl-cert-snakeoil.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; #ssl_ciphers MD5; ssl_ciphers RSA; ssl_prefer_server_ciphers on; location / {
ssl_session_timeout 5m; # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # configure the protocols like this (TLSv1/TLSv1.1 are deprecated; prefer TLSv1.2 TLSv1.3) # ssl_ciphers DHE;# configure the suites like this (note: in OpenSSL cipher-string syntax `DHE` alone also matches anonymous DH, which is why the `!aNULL` exclusion below matters) ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; Error on restart: nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module — this means the nginx binary was built without the SSL module, so no ssl_ciphers or ssl_protocols value will fix it; check `nginx -V` for `--with-http_ssl_module` and rebuild, or install a package that includes it.
ssl_certificate_key /etc/ssl证书; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://tomcatserver; include cert_certbot.conf; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers MD5; ssl_prefer_server_ciphers on; localtion / googlexxxxxxxxxxx.html { alias /filepath
(no encryption) not offered (OK) Anonymous NULL Ciphers (no authentication) not offered (OK) Export ciphers (w/o ADH+NULL) not offered (OK) LOW: 64 Bit + DES encryption (w/o export) not offered (OK) Weak 128 Bit ciphers (SEED, IDEA, RC[2,4]) not offered (OK) Triple DES Ciphers (Medium) not offered (OK) High encryption (AES+Camellia, no AEAD) offered (OK) Strong encryption (AEAD ciphers) offered Check patches RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) Testing 364 ciphers via
For example, via openssl s_client -connect xxx.com:443 (the port is required; -h shows usage). A note on cipher-suite configuration in nginx: suites are set with ssl_ciphers, and a value like DHE is an OpenSSL cipher-string keyword — a plain string that stands for a whole class of suites. `openssl ciphers` expands such a keyword; take HIGH as an example (I piped the output through column for neat layout): you can see the class of suites HIGH denotes, each with its protocol version and the separate key-exchange, authentication, encryption and MAC parts. So HIGH is OpenSSL's "high" encryption group: suites with key lengths larger than 128 bits plus some 128-bit suites such as AES-128, not strictly "more than 128 bits". The cipher list also has MEDIUM and LOW, though LOW has been disabled by default since OpenSSL 1.0.2g. Two things HIGH alone does not do: it does not exclude anonymous (unauthenticated) key exchange or MD5-MAC suites, which is why the usual nginx value is `HIGH:!aNULL:!MD5` (as elsewhere on this page); and a keyword such as DHE selects by key exchange only and includes the anonymous variants, so it must be combined with an authentication and strength constraint. More on cipher strings in the OpenSSL docs https://www.openssl.org/docs/man1.0.2/man1/ciphers.html Summary,