{"id":825,"date":"2023-07-15T10:40:50","date_gmt":"2023-07-15T02:40:50","guid":{"rendered":"http:\/\/blog.nonot.cn\/?p=825"},"modified":"2024-07-08T13:04:20","modified_gmt":"2024-07-08T05:04:20","slug":"ssl-tls%e5%8d%8f%e8%ae%ae%e4%bf%a1%e6%81%af%e6%b3%84%e9%9c%b2%e6%bc%8f%e6%b4%9ecve-2016-2183%e3%80%90%e5%8e%9f%e7%90%86%e6%89%ab%e6%8f%8f%e3%80%91%e5%a4%84%e7%90%86","status":"publish","type":"post","link":"https:\/\/blog.nonot.cn\/index.php\/2023\/07\/15\/ssl-tls%e5%8d%8f%e8%ae%ae%e4%bf%a1%e6%81%af%e6%b3%84%e9%9c%b2%e6%bc%8f%e6%b4%9ecve-2016-2183%e3%80%90%e5%8e%9f%e7%90%86%e6%89%ab%e6%8f%8f%e3%80%91%e5%a4%84%e7%90%86\/","title":{"rendered":"SSL\/TLS\u534f\u8bae\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e(CVE-2016-2183)\u3010\u539f\u7406\u626b\u63cf\u3011\u5904\u7406"},"content":{"rendered":"<p>\u4e00\u3001\u6982\u8ff0<br \/>SSL\/TLS\u534f\u8bae\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e(CVE-2016-2183)\u6f0f\u6d1e\u8bf4\u660e\uff1a<\/p>\n<p>SSL\u5168\u79f0\u662fSecure Sockets Layer\uff0c\u5b89\u5168\u5957\u63a5\u5b57\u5c42\uff0c\u5b83\u662f\u7531\u7f51\u666f\u516c\u53f8\uff08Netscape\uff09\u8bbe\u8ba1\u7684\u4e3b\u8981\u7528\u4e8eWeb\u7684\u5b89\u5168\u4f20\u8f93\u534f\u8bae\uff0c\u76ee\u7684\u662f\u4e3a\u7f51\u7edc\u901a\u4fe1\u63d0\u4f9b\u673a\u5bc6\u6027\u3001\u8ba4\u8bc1\u6027\u53ca\u6570\u636e\u5b8c\u6574\u6027\u4fdd\u969c\u3002\u5982\u4eca\uff0cSSL\u5df2\u7ecf\u6210\u4e3a\u4e92\u8054\u7f51\u4fdd\u5bc6\u901a\u4fe1\u7684\u5de5\u4e1a\u6807\u51c6\u3002SSL\u6700\u521d\u7684\u51e0\u4e2a\u7248\u672c\uff08SSL 1.0\u3001SSL2.0\u3001SSL 3.0\uff09\u7531\u7f51\u666f\u516c\u53f8\u8bbe\u8ba1\u548c\u7ef4\u62a4\uff0c\u4ece3.1\u7248\u672c\u5f00\u59cb\uff0cSSL\u534f\u8bae\u7531\u56e0\u7279\u7f51\u5de5\u7a0b\u4efb\u52a1\u5c0f\u7ec4\uff08IETF\uff09\u6b63\u5f0f\u63a5\u7ba1\uff0c\u5e76\u66f4\u540d\u4e3aTLS\uff08Transport Layer Security\uff09\uff0c\u53d1\u5c55\u81f3\u4eca\u5df2\u6709TLS 1.0\u3001TLS1.1\u3001TLS1.2\uff0cTLS1.3\u8fd9\u51e0\u4e2a\u7248\u672c\u3002TLS, SSH, 
IPSec\u534f\u5546\u53ca\u5176\u4ed6\u4ea7\u54c1\u4e2d\u4f7f\u7528\u7684DES\u53caTriple DES\u5bc6\u7801\u5b58\u5728\u5927\u7ea6\u56db\u5341\u4ebf\u5757\u7684\u751f\u65e5\u754c\uff0c\u8fd9\u53ef\u4f7f\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7Sweet32\u653b\u51fb\uff0c\u83b7\u53d6\u7eaf\u6587\u672c\u6570\u636e\u3002<\/p>\n<p>\u98ce\u9669\u7ea7\u522b\uff1a\u4e2d<\/p>\n<p>\u8be5\u6f0f\u6d1e\u53c8\u79f0\u4e3aSWEET32\uff08https:\/\/sweet32.info\uff09\uff0c\u662f\u5bf9\u4f7f\u752864\u4f4d\u5757\u5927\u5c0f\u7684\u8f83\u65e7\u5206\u7ec4\u5bc6\u7801\u7b97\u6cd5\u7684\u653b\u51fb\u3002\u4e3a\u7f13\u89e3SWEET32\u653b\u51fb\uff0cOpenSSL 1.0.1\u548cOpenSSL 1.0.2\u5c06\u57fa\u4e8eDES\u7684\u5bc6\u7801\u5957\u4ef6\u4ece\u201c\u9ad8\u201d\u5bc6\u7801\u5b57\u7b26\u4e32\u7ec4\u79fb\u81f3\u201c\u4e2d\u201d\uff1bOpenSSL 1.1.0\u53d1\u5e03\u65f6\u81ea\u5e26\u8fd9\u4e9b\u5bc6\u7801\u5957\u4ef6\uff0c\u4f46\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u7981\u7528\u3002\u8be5\u95ee\u9898\u5728\u65b0\u7684openssl\u7248\u672c\u4e2d\u5df2\u89e3\u51b3\u3002<\/p>\n<p>\u8fdc\u7a0b\u4e3b\u673a\u652f\u6301\u4f7f\u7528\u63d0\u4f9b\u4e2d\u7b49\u5f3a\u5ea6\u52a0\u5bc6\u7684SSL\u5bc6\u7801\u3002Nessus\u5c06\u4e2d\u7b49\u5f3a\u5ea6\u89c6\u4e3a\u4f7f\u7528\u5bc6\u94a5\u957f\u5ea6\u81f3\u5c11\u4e3a64\u4f4d\u4e14\u5c0f\u4e8e112\u4f4d\u7684\u4efb\u4f55\u52a0\u5bc6\uff0c\u6216\u4f7f\u75283DES\u52a0\u5bc6\u5957\u4ef6\u7684\u4efb\u4f55\u52a0\u5bc6\u3002\u8bf7\u6ce8\u610f\uff0c\u5982\u679c\u653b\u51fb\u8005\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u7f51\u7edc\u4e0a\uff0c\u90a3\u4e48\u7ed5\u8fc7\u4e2d\u7b49\u5f3a\u5ea6\u52a0\u5bc6\u5c31\u5bb9\u6613\u5f97\u591a\u3002\u5bf9\u4e8ewindows\uff0c\u8be5\u6f0f\u6d1e\u5f71\u54cd\u4e86\u5f88\u591a\u7684\u670d\u52a1\uff0c\u5305\u62ec\u5e38\u89c1\u76843389\uff0c80\uff0c443\uff0c25\u7b49\u3002<\/p>\n<p>\u3010\u5347\u7ea7\u5efa\u8bae\u3011<\/p>\n<p>OpenSSL 1.0.2\u7528\u6237\u5e94\u5347\u7ea7\u52301.0.2i<br \/>OpenSSL 
1.0.1\u7528\u6237\u5e94\u5347\u7ea7\u52301.0.1u<\/p>\n<p>\u4e8c\u3001\u5347\u7ea7\u5904\u7406<br \/>1\u3001\u5b98\u65b9\u5730\u5740\uff1ahttps:\/\/www.openssl.org\/source\/\uff1b\u6700\u65b0\u7684\u7a33\u5b9a\u7248\u672c\u662f1.1.1\u7cfb\u5217\uff0c\u4e14\u662fLTS\u7248\u672c\uff1b\u4e4b\u524d\u65e7\u7248\u672c(\u5305\u62ec1.1.0, 1.0.2, 1.0.0 and 0.9.8)\u4e0d\u518d\u652f\u6301\u7ef4\u62a4\uff1b<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/bd255-20201230143856611.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u4e0b\u8f7d\u5730\u5740\uff1ahttps:\/\/www.openssl.org\/source\/openssl-1.1.1i.tar.gz<\/p>\n<p>2\u3001\u6216\u8005linux\u4e0a\u76f4\u63a5\u8fd0\u884c\uff1a<\/p>\n<p>openssl version -a \/\/\u786e\u8ba4\u5f53\u524d\u7248\u672c\uff0c\u5907\u4efd\u8bc1\u4e66\u6587\u4ef6\u548c\u79d8\u94a5\u6587\u4ef6<br \/>mv \/usr\/bin\/openssl \/usr\/bin\/openssl.old \/\/\u5907\u4efd\u6267\u884c\u6587\u4ef6<br \/>mv \/usr\/include\/openssl \/usr\/include\/openssl.old<br \/>cd \/usr\/local\/src\/<br \/>wget https:\/\/www.openssl.org\/source\/openssl-1.1.1h.tar.gz \/\/\u4e0b\u8f7d\u540e\u5e94\u5148\u9a8c\u8bc1\u5b98\u65b9\u53d1\u5e03\u7684SHA256\u503c\uff0c\u518d\u89e3\u538b<br \/>tar zxvf openssl-1.1.1h.tar.gz<br \/>cd .\/openssl-1.1.1h\/<br \/>.\/config --prefix=\/opt\/openssl --openssldir=\/usr\/local\/ssl \/\/\u9884\u7f16\u8bd1\uff0c\u5230\u6307\u5b9a\u5b89\u88c5\u8def\u5f84\uff0c\u751f\u6210Makefile\u6587\u4ef6\uff0c-t\u53c2\u6570\u53ef\u6d4b\u8bd5\u7f16\u8bd1\u60c5\u51b5\uff0c--prefix\uff1a\u6307\u5b9a\u5b89\u88c5\u76ee\u5f55\uff1b--openssldir\uff1a\u6307\u5b9aopenssl\u914d\u7f6e\u6587\u4ef6\u8def\u5f84\uff1b\u52a0shared\u8fd8\u53ef\u6307\u5b9a\u521b\u5efa\u52a8\u6001\u94fe\u63a5\u5e93<br \/>make \/\/\u7f16\u8bd1\uff0c\u5982\u679c\u7f16\u8bd1\u5931\u8d25\uff0c\u53ef\u6267\u884c.\/make clean,\u6216\u8005\u7f16\u8bd1\u524d\u7528.\/make test\u6d4b\u8bd5\u7f16\u8bd1\u60c5\u51b5\u800c\u4e0d\u76f4\u63a5\u7f16\u8bd1<br \/>make install 
\/\/\u7f16\u8bd1\u6210\u529f\u540e\u5b89\u88c5<\/p>\n<p>\u6ce8\u610f\uff1a\u7f16\u8bd1\u5931\u8d25\u53ef\u80fd\u9700\u8981\u66f4\u65b0zlib\uff08http:\/\/www.zlib.net\/\uff09\u548cgcc\uff0c\u6ce8\u610f\u63d0\u793a<br \/>gcc -v \/\/\u786e\u5b9a\u5f53\u524dgcc\u7248\u672c\uff0c\u6309\u9700\u5347\u7ea7<br \/>cat \/usr\/lib64\/pkgconfig\/zlib.pc \/\/\u786e\u5b9a\u5f53\u524dzlib\u7248\u672c\uff0c\u6309\u9700\u5347\u7ea7<br \/>\u6216\u5c1d\u8bd5yum upgrade zlib zlib-devel gcc* -y \/\/update\u5347\u7ea7\u5305\u4fdd\u7559\u65e7\u7248\u672c\uff0cupgrade\u5347\u7ea7\u540e\u5220\u9664\u65e7\u7248\u672c\uff0c\u5982\u679c\u4e0d\u8ddf\u5177\u4f53\u5305\u540d\uff0cupdate\u7ea7\u6240\u6709\u5305\u540c\u65f6\u4e5f\u5347\u7ea7\u8f6f\u4ef6\u548c\u7cfb\u7edf\u5185\u6838\uff08\u5347\u7ea7\u73af\u5883\u53ef\u80fd\u4f1a\u5bfc\u81f4\u751f\u6210\u4e8b\u6545)\uff0cupgrade \u5347\u7ea7\u540e\uff0c\u53ea\u5347\u7ea7\u6240\u6709\u5305\uff0c\u4e0d\u5347\u7ea7\u8f6f\u4ef6\u548c\u7cfb\u7edf\u5185\u6838\u3002\u8fd9\u4e0d\u540c\u4e8eubuntu\u73af\u5883\uff0cupdate \u662f\u540c\u6b65 \/etc\/apt\/sources.list \u548c \/etc\/apt\/<br \/>sources.list.d \u4e2d\u5217\u51fa\u7684\u6e90\u7684\u7d22\u5f15\uff0c\u4ee5\u53d8upgrade\u65f6\u83b7\u53d6\u5230\u6700\u65b0\u7684\u8f6f\u4ef6\u5305\u8fdb\u884c\u5b89\u88c5\uff0c\u5728\u6267\u884c upgrade \u4e4b\u524d\u8981\u6267\u884c update\u624d\u80fd\u4ece\u6700\u65b0\u8f6f\u4ef6\u5305\u66f4\u65b0\u3002<\/p>\n<p>3\u3001\u66ff\u6362\u539f\u6709\u65e7openssl\u6587\u4ef6\uff1a<\/p>\n<p>1\uff09\/usr\/local\/bin\uff1a<\/p>\n<p>ln -sf \/usr\/local\/openssl\/bin\/openssl \/usr\/bin\/openssl<br \/>ln -s \/usr\/local\/ssl\/include\/openssl \/usr\/include\/openssl<br \/>2\uff09\u914d\u7f6e\u6587\u4ef6\/usr\/local\/ssl\uff1a\u5907\u4efd<br \/>3\uff09\u5e93\u6587\u4ef6\u68c0\u67e5\uff1a\/usr\/local\/lib64 
\/\/\u6839\u636e\u5b9e\u9645\u7684\u73af\u5883\u5e93\u6587\u4ef6\u4f4d\u7f6e\u914d\u7f6e\uff0c\u6709\u7684\u4e3ausr\/local\/ssl\/lib\uff0c\u6ce8\u610f\u5177\u4f53\u4f4d\u7f6e\u3002\u5982\u4e0d\u653e\u5fc3\uff0c\u6574\u4e2a\u5e93\u6587\u4ef6\u5939\u5907\u4efd\u3002<br \/>4)\u9a8c\u8bc1\uff1aldconfig -v|grep ssl \/\/\u786e\u5b9a\u94fe\u63a5\u5e93<br \/>5\uff09\u7248\u672c\u9a8c\u8bc1\uff1aopenssl version<br \/>\u5982\u679c\u6267\u51fa\u73b0openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory\u9519\u8bef\uff0c\u5373\u7f3a\u5c11\u76f8\u5173\u5e93\u4f9d\u8d56\uff0c\u8bf7\u68c0\u67e5\u4ee5\u4e0b\u5e93\u6587\u4ef6\uff0c\u6267\u884c\uff1a<\/p>\n<p>ln -s \/usr\/local\/lib\/libcrypto.so.1.1 \/usr\/lib64\/libcrypto.so.1.1<br \/>ln -s \/usr\/local\/lib\/libssl.so.1.1 \/usr\/lib64\/libssl.so.1.1<\/p>\n<p>ldconfig -v|grep ssl \/\/\u786e\u5b9a\u94fe\u63a5\u5e93\u6b63\u5e38<\/p>\n<p>echo &#8220;\/usr\/local\/lib64&#8221; &gt;&gt; \/etc\/ld.so.conf \/\/\u5c06\u65b0\u7684\u5e93\u6587\u4ef6\u5730\u5740\u5199\u5165\u8bb0\u5f55so\u5e93\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u66f4\u65b0\u52a8\u6001\u94fe\u63a5\u5e93\u6570\u636e<\/p>\n<p>\u518d\u6b21\u9a8c\u8bc1\uff1aopenssl version<\/p>\n<p>\u4e09\u3001\u9644\u5f551\uff1a\u5173\u4e8essl\u7b97\u6cd5\u6d89\u53ca\u7684\u6f0f\u6d1e<br \/>1\uff09\u83b7\u53d6\u5f53\u524d\u67e5\u8be2OpenSSH\u5e94\u7528\u7684\u7b97\u6cd5\uff1a<\/p>\n<p>SSH \u63d0\u4f9b\u4e86\u4e00\u4e9b\u53ef\u7528\u7684\u52a0\u5bc6\u7b97\u6cd5\u3002\u53ef\u4ee5\u5728\/etc\/ssh\/ssh_config or ~\/.ssh\/config\u6587\u4ef6\u4e2d\u770b\u5230<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715104608-f003a.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u9ed8\u8ba4\u7684\uff0cSSH \u4f1a\u4f7f\u7528 3DES \u7b97\u6cd5\uff0c\u4f46des\u4f1a\u88ab\u67d0\u6f0f\u6d1e\u5229\u7528\uff0cTLS, SSH, 
IPSec\u534f\u5546\u53ca\u5176\u4ed6\u4ea7\u54c1\u4e2d\u4f7f\u7528\u7684DES\u53caTriple DES\u5bc6\u7801\u5b58\u5728\u5927\u7ea6\u56db\u5341\u4ebf\u5757\u7684\u751f\u65e5\u754c\uff0c\u8fd9\u53ef\u4f7f\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7Sweet32\u653b\u51fb\uff0c\u83b7\u53d6\u7eaf\u6587\u672c\u6570\u636e\u3002\u5982\u679c\u60f3\u4ecessh\u79fb\u9664\u67d0\u79cd\u7b97\u6cd5\uff0c\u5220\u6389\u5373\u53ef\u3002<\/p>\n<p>sshd -T |grep ciphers \/\/\u547d\u4ee4\u65b9\u5f0f\uff1a\u8f93\u51fa\u5982\u4e0b<br \/>ciphers aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc<\/p>\n<p>2\uff09\u67e5\u770blinux\u670d\u52a1\u5668\u4e0a\u652f\u6301\u7684ssh\u5bf9\u79f0\u79d8\u94a5\uff1a<\/p>\n<p>ssh -Q cipher \/\/\u8f93\u51fa\u5982\u4e0b<\/p>\n<p>3des-cbc<br \/>aes128-cbc<br \/>aes192-cbc<br \/>aes256-cbc<br \/>rijndael-cbc@lysator.liu.se<br \/>aes128-ctr<br \/>aes192-ctr<br \/>aes256-ctr<br \/>aes128-gcm@openssh.com<br \/>aes256-gcm@openssh.com<br \/>chacha20-poly1305@openssh.com<\/p>\n<p>3\uff09\u67e5\u770b\u652f\u6301\u8eab\u4efd\u9a8c\u8bc1\u52a0\u5bc6\u7684\u5bf9\u79f0\u79d8\u94a5<\/p>\n<p>ssh -Q cipher-auth \/\/\u8f93\u51fa\u5982\u4e0b<br \/>aes128-gcm@openssh.com<br \/>aes256-gcm@openssh.com<br \/>chacha20-poly1305@openssh.com<\/p>\n<p>4\uff09\u67e5\u770b\u652f\u6301\u7684\u6d88\u606f\u5b8c\u6574\u6027\u79d8\u94a5<\/p>\n<p>ssh -Q mac \/\/\u8f93\u51fa\u5982\u4e0b<\/p>\n<p>hmac-sha1<br \/>hmac-sha1-96<br \/>hmac-sha2-256<br \/>hmac-sha2-512<br \/>hmac-md5<br \/>hmac-md5-96<br \/>umac-64@openssh.com<br \/>umac-128@openssh.com<br \/>hmac-sha1-etm@openssh.com<br \/>hmac-sha1-96-etm@openssh.com<br \/>hmac-sha2-256-etm@openssh.com<br \/>hmac-sha2-512-etm@openssh.com<br \/>hmac-md5-etm@openssh.com<br \/>hmac-md5-96-etm@openssh.com<br \/>umac-64-etm@openssh.com<br \/>umac-128-etm@openssh.com<\/p>\n<p>\u6307\u5b9a\u79d8\u94a5\u7b97\u6cd5\u8fdb\u884cssh\u8fde\u63a5<br \/>\u7528\u6cd5\uff1assh -oCiphers=aes128-ctr 
server_IP<\/p>\n<p>\u793a\u4f8b\u9a8c\u8bc1ssh-rsa\u52a0\u5bc6\u7b97\u6cd5\u7684ssh\u8fde\u63a5\uff1a<\/p>\n<p>ssh -oHostKeyAlgorithms=-ssh-rsa user@host<br \/>\u5982\u679c\u4e3b\u673a\u5bc6\u94a5\u9a8c\u8bc1\u5931\u8d25\uff0c\u5e76\u4e14\u6ca1\u6709\u5176\u4ed6\u53d7\u652f\u6301\u7684\u4e3b\u673a\u5bc6\u94a5\u7c7b\u578b\u53ef\u7528\uff0c\u5219\u8be5\u4e3b\u673a\u4e0a\u7684\u670d\u52a1\u5668ssh\u8f6f\u4ef6\u5e94\u5347\u7ea7\u3002<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/653eb-20210521095707533.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>6\uff09Powershell\u96c6\u6210OPENSSL\u5ba2\u6237\u7aef<\/p>\n<p>\uff081\uff09\u4e0b\u8f7dOPENSSL\uff0c\u5730\u5740\u4e3ahttps:\/\/sourceforge.net\/projects\/sshwindows\/?source=typ_redirect<br \/>\uff082\uff09\u89e3\u538b\u7f29\u540e\uff0c\u53cc\u51fb\u5b89\u88c5\uff0c\u53ea\u9700\u5b89\u88c5\u5ba2\u6237\u7aef\uff1b<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715104608-1df75.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\uff083\uff09\u4e4b\u540e\u914d\u7f6e\u73af\u5883\u53d8\u91cf\uff1a&#8220;C:\\Program Files (x86)\\OpenSSH\\bin&#8221;\u52a0\u5165\u5230PATH\u4e0b\uff1b<\/p>\n<p>\uff084\uff09\u9a8c\u8bc1\uff1a<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715104609-eea2e.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\uff085\uff09TLS\u8bc1\u4e66\u751f\u6210\uff1a<\/p>\n<p>openssl genrsa -out ca.key 1024 \/\/\u6ce8\u610f\uff1a1024\u4f4dRSA\u5bc6\u94a5\u5df2\u88ab\u8ba4\u4e3a\u662f\u5f31\u7684\uff0c\u751f\u4ea7\u73af\u5883\u5e94\u4f7f\u7528\u81f3\u5c112048\u4f4d<br \/>openssl req -new -key ca.key -out ca.csr<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715104609-dcc6b.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\uff086\uff09\u6d4b\u8bd5\uff1a<\/p>\n<p><img decoding=\"async\" 
src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715104609-3e9e1.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u00a0<\/p>\n<p>7\uff09\u7981\u7528\u5f31\u79d8\u94a5\u4ea4\u6362\u7b97\u6cd5\u548c\u5f31MAC\u7b97\u6cd5<\/p>\n<p>\u6f0f\u6d1e\u63cf\u8ff0\uff1a<\/p>\n<p>\u8fdc\u7a0b SSH \u670d\u52a1\u5668\u88ab\u914d\u7f6e\u4e3a\u5141\u8bb8\u88ab\u8ba4\u4e3a\u662f\u5f31\u7684\u5bc6\u94a5\u4ea4\u6362\u7b97\u6cd5\u3002\u8fd9\u662f\u57fa\u4e8e IETF \u8349\u6848\u6587\u6863 Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20\u3002\u7b2c 4 \u8282\u5217\u51fa\u4e86\u5173\u4e8e\u4e0d\u5e94\u548c\u4e0d\u5f97\u542f\u7528\u7684\u5bc6\u94a5\u4ea4\u6362\u7b97\u6cd5\u7684\u6307\u5357\u3002\u8fd9\u5305\u62ec\uff1a diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 gss-gex-sha1-* gss-group1-sha1-* gss-group14-sha1-* rsa1024-sha1\u3002\u6ce8\u610f\u8fd9\u4e2a\u63d2\u4ef6\u53ea\u68c0\u67e5SSH \u670d\u52a1\u5668\u7684\u9009\u9879\uff0c\u5b83\u4e0d\u68c0\u67e5\u6613\u53d7\u653b\u51fb\u7684\u8f6f\u4ef6\u7248\u672c<\/p>\n<p>#\u68c0\u6d4b<br \/>nmap --script ssh2-enum-algos -sV -p 22 dst_ip<br \/>#\u4fee\u6539\/etc\/ssh\/sshd_config,\u5728\u6587\u4ef6\u672b\u5c3e\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\uff0c\u5b8c\u6210\u540e\u91cd\u542fssh\u670d\u52a1<\/p>\n<p>Ciphers aes128-ctr,aes192-ctr,aes256-ctr<br \/>MACs hmac-sha1,hmac-ripemd160<\/p>\n<p>#\u6ce8\u610f\uff1a\u4ee5\u4e0a\u5185\u5bb9\u672a\u8bbe\u7f6eKexAlgorithms\uff0c\u5f31\u7684\u5bc6\u94a5\u4ea4\u6362\u7b97\u6cd5\u9700\u8981\u5728KexAlgorithms\u4e2d\u7981\u7528\uff1bhmac-ripemd160\u4e0d\u5728\u4e0a\u6587ssh -Q mac\u7684\u8f93\u51fa\u4e2d\uff0c\u91cd\u542fssh\u670d\u52a1\u524d\u8bf7\u5148\u6267\u884csshd -t\u9a8c\u8bc1\u914d\u7f6e\u6587\u4ef6<\/p>\n<p>#\u9a8c\u8bc1<br \/>ssh -vv -oCiphers=aes128-cbc,3des-cbc,blowfish-cbc &lt;server_ip&gt;<br \/>ssh -p 12022 -vv -oMACs=hmac-md5 &lt;server_ip&gt; #\u6210\u529f\u540e\u4f1a\u63d0\u793a\u4f7f\u7528hmac-md5\u767b\u5f55\u5931\u8d25<\/p>\n<p><br \/>\u56db\u3001\u9644\u5f552\uff1assh\u53c2\u6570\u56de\u987e<br \/>1\uff09\u4f7f\u7528 -l \u9009\u9879\u53c2\u6570\uff0c\u6307\u5b9a\u7528\u975e\u5f53\u524d\u7528\u6237\u767b\u5f55\uff0c\u7b49\u540c\u4e0essh \u6307\u5b9a\u7528\u6237@sshd_IP<\/p>\n<p>2\uff09\u7528 *-p 
\u9009\u9879\uff0c\u540e\u9762\u5728\u52a0\u4e0a SSH \u7aef\u53e3\u53f7\uff0c\u6307\u5b9asshd\u7aef\u53e3<\/p>\n<p>3\uff09 -v \u9009\u9879\u53c2\u6570\uff0c\u4f7f\u7528\u8c03\u8bd5\u6a21\u5f0f\u9a8c\u8bc1\u5efa\u7acb\u7684 SSH \u8fde\u63a5\u60c5\u51b5<\/p>\n<p>4\uff09\u6307\u5b9assh\u8fde\u63a5\u7684\u6e90\u5730\u5740\uff0c\u9002\u7528\u4e8e\u5ba2\u6237\u7aef\u6709\u591a\u4e8e\u4e24\u4e2a\u4ee5\u4e0a\u7684 IP \u5730\u5740\uff0c\u96be\u5206\u6e05\u695a\u9ed8\u8ba4\u4f7f\u7528\u54ea\u4e00\u4e2a IP \u8fde\u63a5\u5230 SSH \u670d\u52a1\u5668\uff0c\u4f7f\u7528 -b \u9009\u9879\u6765\u6307\u5b9a\u4e00\u4e2aIP \u5730\u5740\u3002\u8fd9\u4e2a IP \u5c06\u4f1a\u88ab\u4f7f\u7528\u505a\u5efa\u7acb\u8fde\u63a5\u7684\u6e90\u5730\u5740\u3002<\/p>\n<p>\u793a\u4f8b\uff1a$ ssh -b 192.168.10.12 -l blue 192.168.10.205<\/p>\n<p>5\uff09\u4f7f\u7528 -F \u9009\u9879\u6307\u5b9a\u8981\u4f7f\u7528\u7684ssh\u914d\u7f6e\u6587\u4ef6<\/p>\n<p>\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cssh \u4f1a\u4f7f\u7528\u4f4d\u4e8e \/etc\/ssh\/ssh_config \u7684\u914d\u7f6e\u6587\u4ef6\u3002\u8fd9\u4e2a\u914d\u7f6e\u6587\u4ef6\u4f5c\u7528\u4e8e\u7cfb\u7edf\u7684\u6240\u6709\u7528\u6237\u3002\u4f46\u4f60\u60f3\u8981\u4e3a\u7279\u5b9a\u7684\u7528\u6237\u6307\u5b9a\u7279\u6b8a\u7684\u8bbe\u7f6e\u7684\u8bdd\uff0c\u53ef\u4ee5\u628a\u914d\u7f6e\u653e\u5165 ~\/.ssh\/config \u6587\u4ef6\u4e2d\u3002\u5982\u679c\u6b64\u6587\u4ef6\u4e0d\u5b58\u5728\uff0c\u53ef\u4ee5\u624b\u5de5\u521b\u5efa\u4e00\u4e2a\u3002<\/p>\n<p>\u793a\u4f8b\uff1a\u6bd4\u5982\u521b\u5efamy_ssh_config\u6587\u4ef6<\/p>\n<p>Host 192.168.10.*<br \/>ForwardX11 yes<br \/>PasswordAuthentication yes<br \/>ConnectTimeout 10<br \/>Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br \/>Protocol 2<br \/>HashKnownHosts yes<br \/><br \/>$ ssh -F \/~\/.ssh\/my_ssh_config 192.168.10.205<br \/><br \/>6\uff09\u4f7f\u7528-X\u53c2\u6570\u6765\u4f7f\u7528 SSH X11 
Forwarding<\/p>\n<p>\u67d0\u4e9b\u65f6\u5019\uff0c\u60f3\u628a\u670d\u52a1\u7aef\u7684 X11 \u5e94\u7528\u7a0b\u5e8f\u663e\u793a\u5230\u5ba2\u6237\u7aef\u8ba1\u7b97\u673a\u4e0a\uff0cSSH \u63d0\u4f9b\u4e86 -X \u9009\u9879\u3002\u4f46\u8981\u542f\u7528\u8fd9\u529f\u80fd\uff0c\u6211\u4eec\u9700\u8981\u5728\u670d\u52a1\u5668\u7aef\uff0c\u5728 \/etc\/ssh\/ssh_config \u6587\u4ef6\u4e2d\u7684\u884c\u8bbe\u7f6e\u6210 ForwardX11 yes \u6216\u8005 X11Forwad yes\uff0c\u4ee5\u542f\u7528 X11 Forwarding\uff0c\u91cd\u542f SSH \u670d\u52a1\u7a0b\u5e8f\u3002<\/p>\n<p>\u7136\u540e\u5728\u5ba2\u6237\u7aef\uff0c\u8f93\u5165 ssh -X user@host:<\/p>\n<p>$ ssh -X blue@192.168.10.205<br \/>1<br \/>\u767b\u9646\u540e\u8f93\u5165\uff1a$ echo $DISPLAY \/\/\u68c0\u67e5\uff0c\u53ef\u4ee5\u770b\u5230\u5411\u5982\u4e0b\u7c7b\u4f3c\u8f93\u51fa<\/p>\n<p>localhost:10:0<\/p>\n<p>\u968f\u540e\u5c31\u53ef\u4ee5\u8fd0\u884c\u5e94\u7528\u4e86\uff0c\u4ec5\u4ec5\u53ea\u80fd\u8f93\u5165\u5e94\u7528\u7a0b\u5e8f\u7684\u547d\u4ee4\u3002\u6bd4\u5982\u60f3\u8fd0\u884c xclock \u7a0b\u5e8f\uff0c\u8f93\u5165\uff1a<\/p>\n<p>$ xclock \/\/\u68c0\u67e5xclock \u786e\u5b9e\u662f\u8fd0\u884c\u5728\u8fdc\u7aef\u7cfb\u7edf\u7684\uff0c\u4f46\u5b83\u4f1a\u5728\u4f60\u7684\u672c\u5730\u7cfb\u7edf\u91cc\u663e\u793a\u4e86\u3002<\/p>\n<p>\u4e94\u3001\u9644\u5f553\uff1a\u5bf9\u5e94windows\u6f0f\u6d1e\u5904\u7406\uff1a<br \/>1\uff09\u6253\u5f00windows\u7684Internet\u5c5e\u6027\uff0c\u627e\u5230\u9ad8\u7ea7\u2013\u5b89\u5168\uff1a\u53d6\u6c9fTLS1.0\u548c1.1\uff0c\u53ea\u4fdd\u75591.2;1.3\u4e5f\u4e0d\u52fe\u9009\u3002<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105803-8d361.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>2\uff09\u6253\u5f00\u7ec4\u7b56\u7565gpedit.msc,\u7981\u7528\u5f31\u5bc6\u7801\u7b97\u6cd5\u5373\u53ef\uff0c\u914d\u7f6e\u5982\u4e0b\uff1a<\/p>\n<p><img decoding=\"async\" 
src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105803-99c3f.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>#\u9ed8\u8ba4\u5982\u4e0b\uff0c\u6ca1\u6709IDEA<br \/>TLS_AES_256_GCM_SHA384\u3001TLS_AES_128_GCM_SHA256\u3001TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\u3001TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\u3001TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\u3001TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\u3001TLS_DHE_RSA_WITH_AES_256_GCM_SHA384\u3001TLS_DHE_RSA_WITH_AES_128_GCM_SHA256\u3001TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384\u3001TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\u3001TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384\u3001TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256\u3001TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\u3001TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\u3001TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\u3001TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\u3001TLS_RSA_WITH_AES_256_GCM_SHA384\u3001TLS_RSA_WITH_AES_128_GCM_SHA256\u3001TLS_RSA_WITH_AES_256_CBC_SHA256\u3001TLS_RSA_WITH_AES_128_CBC_SHA256\u3001TLS_RSA_WITH_AES_256_CBC_SHA\u3001TLS_RSA_WITH_AES_128_CBC_SHA\u3001TLS_RSA_WITH_3DES_EDE_CBC_SHA\u3001TLS_RSA_WITH_NULL_SHA256\u3001TLS_RSA_WITH_NULL_SHA\u3001TLS_PSK_WITH_AES_256_GCM_SHA384\u3001TLS_PSK_WITH_AES_128_GCM_SHA256\u3001TLS_PSK_WITH_AES_256_CBC_SHA384\u3001TLS_PSK_WITH_AES_128_CBC_SHA256\u3001TLS_PSK_WITH_NULL_SHA384\u3001TLS_PSK_WITH_NULL_SHA256<br \/><br \/>\u5bf9\u5e94\u82f1\u6587\u754c\u9762\uff1a<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105804-67f65.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" 
\/><\/p>\n<p>\u9ed8\u8ba4\u542f\u7528\u540e\u7684\u5bc6\u7801\u7b97\u6cd5\u5982\u4e0b\uff1a<\/p>\n<p>TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA\uff08\u73b0\u573a\u5c31\u8fd9\u4e00\u4e2a\u79fb\u9664\u5373\u53ef\uff09,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA,TLS_PSK_WITH_AES_256_GCM_SHA384,TLS_PSK_WITH_AES_128_GCM_SHA256,TLS_PSK_WITH_AES_256_CBC_SHA384,TLS_PSK_WITH_AES_128_CBC_SHA256,TLS_PSK_WITH_NULL_SHA384,TLS_PSK_WITH_NULL_SHA256<br \/><br \/>\u4f46\u4e0a\u8ff0\u5217\u8868\u6709\u4e2a\u9650\u5236\uff0c\u4e0d\u80fd\u8d85\u8fc7 1,023 \u4e2a\u5b57\u7b26\uff1b\u4e0a\u8ff0\u7684\u7b97\u6cd5\u5217\u8868\u662f\u53f2\u8482\u592b\u00b7\u5409\u5e03\u68ee(Steve Gibson)\u5728GRC.com\u4e0a\u6c47\u603b\u7684\u5217\u8868\uff0c\u53ef\u63a8\u8350\u4f7f\u7528\u3002\u5217\u8868\u5fc5\u987b\u662f\u4e00\u4e2a\u4e0d\u95f4\u65ad\u7684\u5b57\u7b26\u4e32\uff0c\u6bcf\u4e2a\u5bc6\u7801\u90fd\u7528**\u9017\u53f7**\u5206\u9694\u3002 \u6211\u4eec\u9700\u8981\u590d\u5236\u683c\u5f0f\u5316\u7684\u6587\u672c\u5e76\u5c06\u5176\u7c98\u8d34\u5230\u201c SSL Cipher Suites\u201d\u5b57\u6bb5\u4e2d\uff0c\u7136\u540e\u5355\u51fb\u201c\u786e\u5b9a\u201d\u3002 
\u6700\u540e\uff0c\u8981\u4f7f\u66f4\u6539\u751f\u6548\uff0c\u5fc5\u987b\u91cd\u65b0\u542f\u52a8OS\u3002<\/p>\n<p>\u6ce8\uff1a\u4ece\u5bc6\u7801\u5957\u4ef6\u5217\u8868\u4e2d\u79fb\u9664\u6807\u8bc6\u4e3a\u5f31\u7684\u5bc6\u7801\u5957\u4ef6\uff0c\u53ef\u53c2\u8003http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/bb870930(v=vs.85).aspx\uff1b\u5bf9\u4e8e Apache TomCat \u670d\u52a1\u5668\uff0c\u8bf7\u9075\u5faa\u4ee5\u4e0b\u6307\u793a\u4fe1\u606f\uff1a\u53c2\u7167\u793a\u4f8b\uff1b\u79fb\u9664\u9ed8\u8ba4\u76843DES\uff0cDES<\/p>\n<p>TLS_AES_256_GCM_SHA384\u3001TLS_AES_128_GCM_SHA256\u3001TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\u3001TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\u3001TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\u3001TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\u3001TLS_DHE_RSA_WITH_AES_256_GCM_SHA384\u3001TLS_DHE_RSA_WITH_AES_128_GCM_SHA256\u3001TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384\u3001TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\u3001TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384\u3001TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256\u3001TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\u3001TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\u3001TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\u3001TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\u3001TLS_RSA_WITH_AES_256_GCM_SHA384\u3001TLS_RSA_WITH_AES_128_GCM_SHA256\u3001TLS_RSA_WITH_AES_256_CBC_SHA256\u3001TLS_RSA_WITH_AES_128_CBC_SHA256\u3001TLS_RSA_WITH_AES_256_CBC_SHA\u3001TLS_RSA_WITH_AES_128_CBC_SHA\u3001\u3001TLS_RSA_WITH_NULL_SHA256\u3001TLS_RSA_WITH_NULL_SHA\u3001TLS_PSK_WITH_AES_256_GCM_SHA384\u3001TLS_PSK_WITH_AES_128_GCM_SHA256\u3001TLS_PSK_WITH_AES_256_CBC_SHA384\u3001TLS_PSK_WITH_AES_128_CBC_SHA256\u3001TLS_PSK_WITH_NULL_SHA384\u3001TLS_PSK_WITH_NULL_SHA256<br \/><br \/>\u9a8c\u8bc1\uff1agpupdate \/target:computer\uff0c\u5728\u3010PowerShell\u3011\u4e0a\u6267\u884c\u547d\u4ee4\uff1aGet-TlsCipherSuite<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105805-7b279.png\" 
alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>3\uff09\u5220\u9664windows\u9ed8\u8ba4CA\u8bc1\u4e66<\/p>\n<p>\u8fd0\u884c\u2014mmc\u2014\u6253\u5f00\u3010\u7ba1\u7406\u63a7\u5236\u53f0\u3011\u2013\u6587\u4ef6\u2014\u6dfb\u52a0\/\u5220\u9664\u7ba1\u7406\u5355\u5143\uff1a<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105805-b9376.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105805-1c1d6.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105805-8ee04.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105805-bc664.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u67e5\u770b\u786e\u8ba4\u540e\uff0c\u5220\u9664\u9ed8\u8ba4\u8bc1\u4e66\uff1a<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105806-c6b57.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105806-b737d.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u91cd\u65b0\u5bfc\u5165\/\u914d\u7f6e\u65b0\u7684CA\u8bc1\u4e66\uff1a\uff08\u53ef\u751f\u4ea7\u65b0\u7684CA\u8bc1\u4e66\/\u6216Linux\u751f\u4ea7\u8bc1\u4e66\u5bfc\u5165\u5230Windows\uff0c\u9ed8\u8ba4\u7684\u8bc1\u4e66\u91c7\u7528TLS1.0\u7684\u52a0\u5bc6\u65b9\u5f0f\uff0cNessus\u7b49\u626b\u63cf\u5668\u4f1a\u63d0\u793a\u201c\u8106\u5f31\u7684\u52a0\u5bc6&#8221;\uff0c\u62a5\u6f0f\u6d1e\uff09<\/p>\n<p><img decoding=\"async\" 
src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105806-a95fc.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105806-2bf83.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u6216\u8005\u5bfc\u5165\u4e2a\u4eba\u76ee\u5f55\uff0c\u7136\u540e\u518d\u6388\u6743\uff1a<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105807-793ac.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105807-475b4.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u6dfb\u52a0 NETWORK SERVICE \u7528\u6237\uff0c\u5e76\u6388\u4e88\u8bfb\u6743\u9650\uff1a<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105807-9b513.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u6253\u5f00\u6ce8\u518c\u8868\uff0c\u5b9a\u4f4d\u5230\uff1aHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp \uff0c\u7136\u540e\u6dfb\u52a0\u5982\u4e0b\u9879\uff1aSSLCertificateSHA1Hash\uff0c\u7c7b\u578bREG_BINARY\uff0c<\/p>\n<p>reg add &#8220;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp&#8221; \/v &#8220;SSLCertificateSHA1Hash&#8221; \/t REG_BINARY \/d &#8220;\u6307\u7eb9&#8221; \/f<\/p>\n<p>reg add &#8220;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client&#8221; \/v &#8220;Enabled&#8221; \/t REG_DWORD \/d &#8220;1&#8221; \/f<\/p>\n<p>reg add &#8220;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client&#8221; \/v &#8220;DisabledByDefault&#8221; \/t REG_DWORD \/d 
&#8220;0&#8221; \/f<\/p>\n<p>RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters<br \/><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105807-365d0.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u6253\u5f00\u4e0a\u8ff0\u65b0\u589eCA\u8bc1\u4e66\u7684\u5c5e\u6027\u503c\uff0c\u67e5\u770b \u8be6\u7ec6\u4fe1\u606f \u4e2d\u9009\u62e9 \u6307\u7eb9 \uff0c\u8bb0\u5f55\u4e0b\u6307\u7eb9\u7684\u503c\uff0c\u5199\u5165\u5230\u5982\u4e0b\u56fe\u6240\u793a\uff0c\u6570\u503c\u6846\u5185:<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105807-aa79b.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>4\uff09\u6ce8\u518c\u8868\u65b9\u5f0f\uff1a\uff08\u8bf7\u8c28\u614e\u9009\u62e9\uff0c\u672a\u9a8c\u8bc1\uff09<\/p>\n<p>\u6ce8\u610f\uff1a\u4ee5\u4e0b\u5185\u5bb9\u4e2dTriple DES 168\/168\u3001RC4 128\/128\u3001SSL 3.0\u3001TLS 1.0\u7684Enabled\u4e3affffffff\uff08\u542f\u7528\uff09\uff1b\u5904\u7406CVE-2016-2183\u65f6\u9700\u8981\u5c06Triple DES 168\/168\u7684Enabled\u8bbe\u7f6e\u4e3a00000000\u3002<\/p>\n<p>1&gt;\u6253\u5f00\u6587\u672c\u6587\u4ef6\uff0c\u7c98\u8d34\u4ee5\u4e0b\u5185\u5bb9\uff0c\u4fdd\u5b58\u4e3a*.reg\u6587\u4ef6\uff0c\u5bfc\u5165\u6ce8\u518c\u8868\u91cd\u542f\uff08\u5bfc\u5165\u524d\u8bf7\u5148\u5907\u4efd\u6ce8\u518c\u8868\uff09<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL]<br \/>&#8220;EventLogging&#8221;=dword:00000001<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\AES 128\/128]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\AES 256\/256]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\DES 56\/56]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\NULL]<br 
\/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC2 128\/128]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC2 40\/128]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC4 128\/128]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC4 40\/128]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC4 56\/128]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC4 64\/128]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\Triple DES 168\/168]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\CipherSuites]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Hashes]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Hashes\\MD5]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Hashes\\SHA]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\KeyExchangeAlgorithms]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\KeyExchangeAlgorithms\\Diffie-Hellman]<br 
\/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\KeyExchangeAlgorithms\\PKCS]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\Multi-Protocol Unified Hello]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\Multi-Protocol Unified Hello\\Server]<br \/>&#8220;Enabled&#8221;=dword:00000000<br \/>&#8220;DisabledByDefault&#8221;=dword:00000001<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\PCT 1.0]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\PCT 1.0\\Server]<br \/>&#8220;Enabled&#8221;=dword:00000000<br \/>&#8220;DisabledByDefault&#8221;=dword:00000001<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 2.0]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 2.0\\Client]<br \/>&#8220;DisabledByDefault&#8221;=dword:0000ffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 2.0\\Server]<br \/>&#8220;Enabled&#8221;=dword:00000000<br \/>&#8220;DisabledByDefault&#8221;=dword:00000001<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 3.0]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 3.0\\Server]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<br \/>&#8220;DisabledByDefault&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 
1.0]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.0\\Server]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<br \/>&#8220;DisabledByDefault&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Server]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<br \/>&#8220;DisabledByDefault&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<br \/>&#8220;DisabledByDefault&#8221;=dword:00000000<\/p>\n<p><br \/>\u5982\u679c\u4e0a\u8ff0\u9a8c\u8bc1\u65e0\u6548\uff0c\u5c1d\u8bd5\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL]<br \/>&#8220;EventLogging&#8221;=dword:00000001<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\AES 128\/128]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\AES 256\/256]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\DES 56\/56]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\NULL]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC2 
128\/128]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC2 40\/128]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC2 56\/128]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC4 128\/128]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC4 40\/128]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC4 56\/128]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\RC4 64\/128]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\Triple DES 168\/168]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\CipherSuites]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Hashes]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Hashes\\MD5]<br \/>&#8220;Enabled&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Hashes\\SHA]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\KeyExchangeAlgorithms]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\KeyExchangeAlgorithms\\Diffie-Hellman]<br 
\/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\KeyExchangeAlgorithms\\PKCS]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\Multi-Protocol Unified Hello]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\Multi-Protocol Unified Hello\\Server]<br \/>&#8220;Enabled&#8221;=dword:00000000<br \/>&#8220;DisabledByDefault&#8221;=dword:00000001<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\PCT 1.0]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\PCT 1.0\\Server]<br \/>&#8220;Enabled&#8221;=dword:00000000<br \/>&#8220;DisabledByDefault&#8221;=dword:00000001<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 2.0]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 2.0\\Client]<br \/>&#8220;DisabledByDefault&#8221;=dword:0000ffff<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 2.0\\Server]<br \/>&#8220;Enabled&#8221;=dword:00000000<br \/>&#8220;DisabledByDefault&#8221;=dword:00000001<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 3.0]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 3.0\\Server]<br \/>&#8220;Enabled&#8221;=dword:00000000<br \/>&#8220;DisabledByDefault&#8221;=dword:00000001<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 
1.0]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.0\\Server]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<br \/>&#8220;DisabledByDefault&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Server]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<br \/>&#8220;DisabledByDefault&#8221;=dword:00000000<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2]<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server]<br \/>&#8220;Enabled&#8221;=dword:ffffffff<br \/>&#8220;DisabledByDefault&#8221;=dword:00000000<br \/><br \/>4\uff09\u624b\u52a8\u4fee\u6539\u6ce8\u518c\u8868 (Regedt32.exe)<\/p>\n<p>1&gt;\uff1a\u627e\u5230\u8ba1\u7b97\u673a\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105807-6b5e7.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u5907\u4efd\u5b8c\u6210\u540e\u4fee\u6539\uff1a<\/p>\n<p>1&gt;\u7981\u6b62\u7684\u534f\u8bae\u53ef\u4ee5\u5728Protocol\u9879\u91cc\u9762\uff08\u5373SCHANNEL\\Protocols \u5b50\u9879\u4e0b\uff09\u65b0\u5efa\u9879-\u540d\u5b57\u8ddf\u9700\u8981\u7981\u6b62\u7684\u534f\u8bae\u7684\u540d\u5b57\u76f8\u540c:<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105808-553c7.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u5728\u76ee\u6807\u534f\u8bae\u7684\u9879\u4e0b\u9762\u65b0\u5efaClient\u548cServer\u4e24\u4e2a\u9879\uff0c\u540c\u65f6\u65b0\u5efaDisabledByDefault\u548cEnabled\u4e24\u4e2aDWORD(32
\u4f4d)<\/p>\n<p>\u201cEnabled\u201d=dword:00000000<\/p>\n<p>\u201cDisabledByDefault\u201d=dword:00000001\uff08\u7981\u7528\u534f\u8bae\uff09<\/p>\n<p>\u7981\u7528 TLS 1.0<br \/>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.0\\Server]\u201cEnabled\u201d=dword:00000000<br \/>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.0\\Server]\u201cDisabledByDefault\u201d=dword:00000001<br \/>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.0\\Client]\u201cEnabled\u201d=dword:00000000<br \/>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.0\\Client]\u201cDisabledByDefault\u201d=dword:00000001<br \/><br \/>\u7981\u7528TLS1.1<br \/>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Server]\u201cEnabled\u201d=dword:00000000<br \/>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Server]\u201cDisabledByDefault\u201d=dword:00000001<br \/>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Client]\u201cEnabled\u201d=dword:00000000<br \/>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Client]\u201cDisabledByDefault\u201d=dword:00000001<br \/><br \/>\u7981\u7528 TLS 1.2\uff08\u6ce8\u610f\uff1aTLS 1.2 \u901a\u5e38\u5e94\u4fdd\u6301\u542f\u7528\uff0c\u7981\u7528\u524d\u8bf7\u786e\u8ba4\u4e0d\u4f1a\u5f71\u54cd\u73b0\u6709\u8fde\u63a5\uff09<br \/>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server] \u201cEnabled\u201d=dword:00000000<br \/>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server] \u201cDisabledByDefault\u201d=dword:00000001<br \/>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client]
\u201cEnabled\u201d=dword:00000000<br \/>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client] \u201cDisabledByDefault\u201d=dword:00000001<br \/>\u6ce8\uff1a\u201cProtocols\u201d\u9879\u4e0b\u7684\u6ce8\u518c\u8868\u9879\u4e2d\u7684\u201cDisabledByDefault\u201d\u503c\u4e0d\u4f18\u5148\u4e8e\u5728\u5305\u542b Schannel \u51ed\u636e\u6570\u636e\u7684 SCHANNEL_CRED \u7ed3\u6784\u4e2d\u5b9a\u4e49\u7684\u201cgrbitEnabledProtocols\u201d\u503c\u3002<\/p>\n<p>\u7981\u7528TLS1.0\u548c1.1\uff0c\u7981\u7528 SSL 2.0\uff0c\u7ba1\u7406\u5458cmd\u5982\u4e0b\u6267\u884c\uff08\u4ee5\u4e0b\u547d\u4ee4\u53ea\u5199\u5165 Client \u5b50\u9879\uff0c\u670d\u52a1\u7aef\u8fd8\u9700\u5bf9 Server \u5b50\u9879\u505a\u76f8\u540c\u8bbe\u7f6e\uff09\uff1a<\/p>\n<p>reg add &#8220;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.0\\Client&#8221; \/v &#8220;Enabled&#8221; \/t REG_DWORD \/d &#8220;0&#8221; \/f<\/p>\n<p>reg add &#8220;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.0\\Client&#8221; \/v &#8220;DisabledByDefault&#8221; \/t REG_DWORD \/d &#8220;1&#8221; \/f<\/p>\n<p>reg add &#8220;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Client&#8221; \/v &#8220;Enabled&#8221; \/t REG_DWORD \/d &#8220;0&#8221; \/f<\/p>\n<p>reg add &#8220;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Client&#8221; \/v &#8220;DisabledByDefault&#8221; \/t REG_DWORD \/d &#8220;1&#8221; \/f<\/p>\n<p>reg add &#8220;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 2.0\\Client&#8221; \/v &#8220;Enabled&#8221; \/t REG_DWORD \/d &#8220;0&#8221; \/f<\/p>\n<p>reg add &#8220;HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\SSL 2.0\\Client&#8221; \/v &#8220;DisabledByDefault&#8221; \/t REG_DWORD \/d &#8220;1&#8221; \/f<\/p>\n<p>RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters<br \/><br
\/>PowerShell\u811a\u672c\u6267\u884c\uff08\u6ce8\u610f\uff1aTLS 1.2 \u901a\u5e38\u5e94\u4fdd\u6301\u542f\u7528\uff0c\u7981\u7528\u524d\u8bf7\u786e\u8ba4\u4e0d\u4f1a\u5f71\u54cd\u73b0\u6709\u8fde\u63a5\uff09\uff1a<\/p>\n<p>#\u7981\u7528 TLS 1.1<br \/>New-Item &#8216;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Server&#8217; -Force | Out-Null<\/p>\n<p>New-ItemProperty -path &#8216;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Server&#8217; -name &#8216;Enabled&#8217; -value &#8216;0&#8217; -PropertyType &#8216;DWord&#8217; -Force | Out-Null<\/p>\n<p>New-ItemProperty -path &#8216;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Server&#8217; -name &#8216;DisabledByDefault&#8217; -value 1 -PropertyType &#8216;DWord&#8217; -Force | Out-Null<\/p>\n<p>New-Item &#8216;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Client&#8217; -Force | Out-Null<\/p>\n<p>New-ItemProperty -path &#8216;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Client&#8217; -name &#8216;Enabled&#8217; -value &#8216;0&#8217; -PropertyType &#8216;DWord&#8217; -Force | Out-Null<\/p>\n<p>New-ItemProperty -path &#8216;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.1\\Client&#8217; -name &#8216;DisabledByDefault&#8217; -value 1 -PropertyType &#8216;DWord&#8217; -Force | Out-Null<br \/>Write-Host &#8216;TLS 1.1 has been disabled.&#8217;<\/p>\n<p>#\u7981\u7528 TLS 1.2<br \/>New-Item &#8216;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server&#8217; -Force | Out-Null<\/p>\n<p>New-ItemProperty -path &#8216;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server&#8217; -name &#8216;Enabled&#8217; -value &#8216;0&#8217; -PropertyType &#8216;DWord&#8217; -Force | Out-Null<\/p>\n<p>New-ItemProperty -path &#8216;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server&#8217; -name
&#8216;DisabledByDefault&#8217; -value 1 -PropertyType &#8216;DWord&#8217; -Force | Out-Null<\/p>\n<p>New-Item &#8216;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client&#8217; -Force | Out-Null<\/p>\n<p>New-ItemProperty -path &#8216;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client&#8217; -name &#8216;Enabled&#8217; -value &#8216;0&#8217; -PropertyType &#8216;DWord&#8217; -Force | Out-Null<\/p>\n<p>New-ItemProperty -path &#8216;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client&#8217; -name &#8216;DisabledByDefault&#8217; -value 1 -PropertyType &#8216;DWord&#8217; -Force | Out-Null<br \/>Write-Host &#8216;TLS 1.2 has been disabled.&#8217;<br \/><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105809-90743.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105810-24735.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105810-712e1.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><strong>SCHANNEL\\Ciphers \u5b50\u9879\uff1a<\/strong>\u7528\u4e8e\u63a7\u5236\u5bf9\u79f0\u7b97\u6cd5\uff08\u5982 DES \u548c RC4\uff09\u7684\u4f7f\u7528\u3002\u627e\u5230SCHANNEL\\Ciphers\\\uff0c\u65b0\u5efa\u5b50\u9879\uff1aTriple DES 168\u548cDES 56\/56\uff0c\u5e76\u5728\u5404\u5b50\u9879\u4e0b\u65b0\u5efa DWORD \u503c Enabled\uff0c\u6570\u503c\u4e3a 0<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105811-570a0.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\"
\/><\/p>\n<p>\u542f\u7528\u6216\u7981\u7528\u5176\u4ed6\u5bc6\u7801\u5957\u4ef6:<\/p>\n<p>HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Cryptography\\Configuration\\Local\\SSL\\00010002\u4e2d\u5220\u9664\u7279\u5b9a\u5bc6\u7801\u6765\u7981\u7528\u8fd9\u4e9b\u5bc6\u7801:<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105811-2f942.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>TLS_AES_256_GCM_SHA384<br \/>TLS_AES_128_GCM_SHA256<br \/>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384<br \/>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256<br \/>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384<br \/>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256<br \/>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384<br \/>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256<br \/>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384<br \/>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256<br \/>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384<br \/>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256<br \/>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA<br \/>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA<br \/>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA<br \/>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA<br \/>TLS_RSA_WITH_AES_256_GCM_SHA384<br \/>TLS_RSA_WITH_AES_128_GCM_SHA256<br \/>TLS_RSA_WITH_AES_256_CBC_SHA256<br \/>TLS_RSA_WITH_AES_128_CBC_SHA256<br \/>TLS_RSA_WITH_AES_256_CBC_SHA<br \/>TLS_RSA_WITH_AES_128_CBC_SHA<br \/>TLS_RSA_WITH_3DES_EDE_CBC_SHA #\u5220\u6389\u8fd9\u4e00\u6761<br \/>TLS_RSA_WITH_NULL_SHA256<br \/>TLS_RSA_WITH_NULL_SHA<br \/>TLS_PSK_WITH_AES_256_GCM_SHA384<br \/>TLS_PSK_WITH_AES_128_GCM_SHA256<br \/>TLS_PSK_WITH_AES_256_CBC_SHA384<br \/>TLS_PSK_WITH_AES_128_CBC_SHA256<br \/>TLS_PSK_WITH_NULL_SHA384<br \/>TLS_PSK_WITH_NULL_SHA256<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105811-b146f.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" 
\/><\/p>\n<p>\u540c\u7406\uff0c\u8981\u542f\u7528\u5bc6\u7801\u5957\u4ef6\uff0c\u8bf7\u5c06\u5176\u5b57\u7b26\u4e32\u503c\u6dfb\u52a0\u5230 Functions \u591a\u5b57\u7b26\u4e32\u503c\u952e\u3002 \u4f8b\u5982\uff0c\u5982\u679c\u8981\u542f\u7528TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521\uff0c\u5219\u5c06\u5b83\u6dfb\u52a0\u5230\u5b57\u7b26\u4e32\u4e2d\u3002\u66f4\u591a\u53c2\u770b\u5b98\u65b9\u6587\u6863\u3002<\/p>\n<p>5\uff09\u501f\u52a9IISCrypto\u8f6f\u4ef6\u52a0\u56fa<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105813-6e516.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105813-8541d.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u5e94\u7528\u4e4b\u540e\u4f1a\u5728\u6ce8\u518c\u8868\u521b\u5efa\u76f8\u5173\u534f\u8bae<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105813-9d77a.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105813-f3cdd.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u4e4b\u540e\u91cd\u542f\u68c0\u6d4b\u5373\u53ef\u3002\u6216\u6267\u884c<\/p>\n<p>#\u91cd\u542fexplorer<br \/>taskkill \/im explorer.exe \/f<br \/>start &#8220;&#8221; &#8220;C:\\WINDOWS\\explorer.exe&#8221;<br \/>\u6216<br \/>RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters<br \/><br \/>6\uff09\u5982\u4f55\u5b9e\u73b0\u8fdc\u7a0b\u767b\u5f55\u65f6\u663e\u793a\uff1a\u6b63\u5728\u52a0\u5bc6\u8fdc\u7a0b\u8fde\u63a5<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105814-61800.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><img decoding=\"async\" 
src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105814-f01b3.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/blog.nonot.cn\/wp-content\/uploads\/2023\/07\/20230715105814-241bc.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>\u542f\u7528\uff1a\u201c\u8981\u6c42\u4f7f\u7528\u7f51\u7edc\u7ea7\u522b\u7684\u8eab\u4efd\u9a8c\u8bc1\u5bf9\u8fdc\u7a0b\u8fde\u63a5\u7684\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u201d\uff1b\u5982\u679c\u4e0d\u60f3\u770b\u5230\u7684\u8bdd\u5c31\u5173\u95ed\uff1a<\/p>\n<p>\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014<br \/>\u7248\u6743\u58f0\u660e\uff1a\u672c\u6587\u4e3aCSDN\u535a\u4e3b\u300c\u7f8c\u4fca\u6069\u300d\u7684\u539f\u521b\u6587\u7ae0\uff0c\u9075\u5faaCC 4.0 BY-SA\u7248\u6743\u534f\u8bae\uff0c\u8f6c\u8f7d\u8bf7\u9644\u4e0a\u539f\u6587\u51fa\u5904\u94fe\u63a5\u53ca\u672c\u58f0\u660e\u3002<br \/>\u539f\u6587\u94fe\u63a5\uff1ahttps:\/\/blog.csdn.net\/ximenjianxue\/article\/details\/111983377<\/p>\n\n\n<p
class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u4e00\u3001\u6982\u8ff0SSL\/TLS\u534f\u8bae\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e(CVE-2016-2&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-825","post","type-post","status-publish","format-standard","hentry","category-webanquan"],"_links":{"self":[{"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/posts\/825","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/comments?post=825"}],"version-history":[{"count":1,"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/posts\/825\/revisions"}],"predecessor-version":[{"id":1244,"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/posts\/825\/revisions\/1244"}],"wp:attachment":[{"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/media?parent=825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/categories?post=825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/tags?post=825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}