This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| reg add "HKey_Local_Machine\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman" /f /v ServerMinKeyBitLength /t REG_DWORD /d 0x00000800 | |
| 使用命令提示字元執行 | |
| 需要最高管理者權限 |
解釋:
DWORD是Unsigned integer (32-bit),0x00000800就是2048位元,1024被認為不安全
REF:
https://docs.microsoft.com/zh-tw/windows-server/security/tls/tls-registry-settings
https://thycotic.force.com/support/s/article/TLS-Diffie-Hellman-Hardening
KB3174644
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644
Weak Diffie-Hellman and the Logjam Attack
https://weakdh.org
沒有留言:
張貼留言