Security configuration and detection of SSL after the website enables https

It is standard for websites to enable SSL nowadays. However, after configuring SSL, you still need to determine whether the server deployment is secure. If it is not configured properly, it will bring many security risks.

There are six versions in the SSL/TLS family: SSL v2, SSL v3, TLS v1.0, TLS v1.1, TLS v1.2, TLS v1.3:

SSL v2 is insecure and should not be used.

SSL v3 is insecure when used with HTTP (POODLE attack) and is weak when used with other protocols. It is also outdated and should not be used.

TLS v1.0 is also a legacy protocol that should not be used, but is still often required in practice. Its main weakness (BEAST) is mitigated in modern browsers, but other issues remain.

TLS v1.1, v1.2, and v1.3 have no known security issues and should be the primary protocol for websites.

Check SSL security

At present, there are two main websites for testing SSL security: the most commonly used one is SSLLabs, and the other is MySSL made by a domestic company. If the test rating is A, it is qualified, and if it is F, it is unqualified.

SSL security configuration

For Windows Server, SSL security configuration can be completed by modifying the registry. In addition, there is a simple automatic configuration tool IISCrypto. After downloading the tool, you can complete the security settings using the recommended configuration. It is very easy to use.

3.0 Mode

Directly recommend the settings, check the reboot at the end, then apply, and it will automatically restart after setting.

123WORDPRESS.COM editor adds:

After testing, it was found that if the current machine needs to be remotely connected to another server after upgrading, the other server also needs to be upgraded.