Windows Server 2008或2012 修复CVE-2016-2183(SSL/TLS)漏

<p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/3770c517658565f08e053ba3c187948b" alt="" /></p> <h3>修复办法</h3> <p>1、登录服务器，打开windows powershell，运行gpedit.msc，打开“本地组策略编辑器”。 <img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/683c6f6aadd4345a7b6703c2ff67f35d" alt="" /></p> <p>2、打开“本地组策略编辑器”-“计算机配置”-“管理模板”-“网络”-“SSL配置设置”， 在“SSL密码套件顺序”选项上，右键“编辑”。 <img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/d4e980b97a0f3c3c50dd985a546e17ca" alt="" /></p> <p><img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/f51157325ce79044fdc5671735b486ca" alt="" /></p> <p>3、在“SSL密码套件顺序”选在“已启用（E）” ，在“SSL密码套件”下修改SSL密码套件算法，仅保留TLS 1.2 SHA256 和 SHA384 密码套件、TLS 1.2 ECC GCM 密码套件。 （删除原有内容替换为：</p> <pre><code>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA,WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA）</code></pre> <p>修改后，点击“应用”、“确定”，即可。 <img src="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/3462e44e8c69ec5cfd6c5e112925abde" alt="" /></p>