**
漏洞描述
TLS协议和SSL协议中使用的的RC4算法中存在漏洞,该漏洞源于使用大量的单字节偏差。通过在使用相同明文的大量会话中密文的统计分析,远程攻击者利用该漏洞进行明文恢复攻击
**
修复方案
/etc/httpd/conf.d/nss.conf
将:
NSSCipherSuite
+rsa_aes_128_sha,+rsa_aes_256_sha,+ecdhe_rsa_aes_256_sha,+ecdhe_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,+ecdh_rsa_aes_128_
sha,+ecdhe_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdh_ecdsa_aes_128_sha,+rsa_rc4_128_sha
注释掉,新增以下:
NSSCipherSuite +rsa_aes_128_sha,+rsa_aes_256_sha,+ecdhe_rsa_aes_256_sha,+ecdhe_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,+ecdh_rsa_aes_128_
sha,+ecdhe_ecdsa_aes_256_sha,+ecdhe_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,+ecdh_ecdsa_aes_128_sha