XtremIO:偵測到安全漏洞掃描 TLS SSL 伺服器支援使用靜態金鑰加密

Summary: 如何解決安全性漏洞掃描偵測到漏洞的情況,說明為「TLS/SSL 伺服器支援使用靜態金鑰密碼」。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

安全漏洞掃描偵測到說明的漏洞 "TLS/SSL Server Supports The Use of Static Key Ciphers. The server is configured to support ciphers known as static key ciphers. These ciphers do not support "Forward Secrecy." In the new specification for HTTP/2, these ciphers have been blacklisted."

注意:此指令檔僅與 XMS 代碼 6.4 或更新版本相關。如果不知道「技術」密碼,請向 XtremIO 支援開立服務要求 (SR),以解決此問題。 

使用 disable_static_ciphers-v3.0.0-s4.0.0.py 附加指令檔以停用下列列入黑名單的密碼:

IANA Cipher Suite Name == OpenSSL Cipher Suite Name
TLS_RSA_WITH_AES_128_CBC_SHA == AES128-SHA
TLS_RSA_WITH_AES_128_CBC_SHA256 == AES128-SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256 == AES128-GCM-SHA256
TLS_RSA_WITH_AES_256_CBC_SHA == AES256-SHA
TLS_RSA_WITH_AES_256_CBC_SHA256 == AES256-SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384 == AES256-GCM-SHA384
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA == CAMELLIA128-SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA == CAMELLIA256-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA == DHE-RSA-AES128-SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA == DHE-RSA-AES256-SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA == DHE-RSA-CAMELLIA128-SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA == DHE-RSA-CAMELLIA256-SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA == ECDHE-RSA-AES128-SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA == ECDHE-RSA-AES256-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 == DHE-RSA-AES128-SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 == DHE-RSA-AES256-SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 == ECDHE-RSA-AES128-SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 == ECDHE-RSA-AES256-SHA384

IANA 密碼套件名稱:由互聯網號碼分配機構 (IANA) 定義並在 RFC 和協定規範中使用的正式名稱。

OpenSSL 密碼套件名稱:OpenSSL 庫用於同一密碼套件的別名或簡寫。

Affected Products

XtremIO Family, XtremIO X1, XtremIO X2
Article Properties
Article Number: 000227954
Article Type: How To
Last Modified: 18 Jul 2025
Version:  9
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.