gpt4 book ai didi

google-app-engine - 是否可以禁止在 Google App Engine 上使用 SSL 3.0 版?

转载 作者:太空宇宙 更新时间:2023-11-03 13:17:31 25 4
gpt4 key购买 nike

如果应用程序连接在SSL3.0,我不想显示任何页面。我是英语和 GAE 的学习者。如果英语很难理解,我很抱歉。

最佳答案

Google 安全团队似乎已经采取了必要的措施。

根据他们的 recent security bulletin ,

App Engine, Cloud Storage, BigQuery, and CloudSQL customers do not need to take any actions. Google’s servers have been updated and are protected from this vulnerability. Customers of Compute Engine need to update their OS images.

我不确定这到底是什么意思,但大概 SSLv3 后备连接现在已禁用。

更新

好吧,显然他们并没有完全禁用 SSLv3,而是提供了一个更安全的后备方案。来自 a blog post

Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.

Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems

关于google-app-engine - 是否可以禁止在 Google App Engine 上使用 SSL 3.0 版?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26837242/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com