秋·风

  博客园 :: 首页 :: 博问 :: 闪存 :: 新随笔 :: 联系 :: 订阅 订阅 :: 管理 ::

unigui使用https时,会出现下图的安全问题。

 

 

在外国友人帮助下解决了这个安全问题,修复方法如下:

1、UniServerModule.SSL.SSLOptions.SSLVersions:=[sslvTLS1_2];

2、UniServerModule.SSL.SSLOptions.CipherList指定加密算法。

3、ssleay32.dll和libeay32.dll使用最新版本。

UniServerModule:

function GetCipherList(AStrength: Integer): WideString;
const
  cCIPHER_LIST_1: WideString = 'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256';
  cCIPHER_LIST_2: WideString = 'DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256';
  cCIPHER_LIST_3: WideString = 'ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA';
  cCIPHER_LIST_4: WideString = 'AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA';
  cCIPHER_LIST_5: WideString = 'DES-CBC3-SHA';

begin
  case AStrength of
    // Advanced Plus (A+)
      1: Result := cCIPHER_LIST_1;
    // Advanced (A)
      2: Result := cCIPHER_LIST_1 + ':' + cCIPHER_LIST_2;
    // Broad Compatibility (
      3: Result := cCIPHER_LIST_1 + ':' + cCIPHER_LIST_2 + ':' + cCIPHER_LIST_3;
    // Widest Compatibility (C)
      4: Result := cCIPHER_LIST_1 + ':' + cCIPHER_LIST_2 + ':' + cCIPHER_LIST_3 + ':' + cCIPHER_LIST_4;
    // Legacy (C-)
      5: Result := cCIPHER_LIST_1 + ':' + cCIPHER_LIST_2 + ':' + cCIPHER_LIST_3 + ':' + cCIPHER_LIST_4 + ':' + cCIPHER_LIST_5;
    else
      Result := EmptyStr;
  end;
end;

procedure TUniServerModule.UniGUIServerModuleCreate(Sender: TObject);
begin
  UniServerModule.SSL.SSLOptions.CipherList := GetCipherList(5);

end;

修复后:

 

posted on 2021-05-05 20:38  秋·风  阅读(784)  评论(2编辑  收藏  举报