CVE-2016-2183: OpenSSL SSL/TLS 协议信息泄露漏洞详解 - 原理及防御 - 常规

CVE-2016-2183 \u662f\u4e00\u4e2a\u5f71\u54cd OpenSSL \u5e93\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u4f7f\u5f97\u653b\u51fb\u8005\u80fd\u591f\u901a\u8fc7\u7279\u5236\u7684 TLS/SSL \u624b\u63e1\u534f\u8bae\u6765\u6cc1\u9732\u670d\u52a1\u5668\u7aef\u7684\u79c1\u94a5\u4fe1\u606f\u3002\n\n\u8be5\u6f0f\u6d1e\u7684\u539f\u7406\u662f\u7531\u4e8e OpenSSL \u5e93\u5728\u5904\u7406 Diffie-Hellman \u5bc6\u94a5\u4ea4\u6362\u7b97\u6cd5\u65f6\u5b58\u5728\u4e00\u4e2a\u9519\u8bef\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u80fd\u591f\u901a\u8fc7\u8fdb\u884c\u7279\u5b9a\u7684\u6570\u5b66\u8ba1\u7b97\u6765\u83b7\u5f97\u670d\u52a1\u5668\u7aef\u7684\u79c1\u94a5\u4fe1\u606f\u3002\n\n\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u6784\u9020\u6076\u610f\u7684 TLS/SSL \u624b\u63e1\u8bf7\u6c42\uff0c\u901a\u8fc7\u4e0e\u670d\u52a1\u5668\u8fdb\u884c\u624b\u63e1\u8fc7\u7a0b\uff0c\u5c31\u53ef\u4ee5\u83b7\u5f97\u670d\u52a1\u5668\u7aef\u7684\u79c1\u94a5\u3002\u4e00\u6b21\u653b\u51fb\u8005\u83b7\u5f97\u4e86\u670d\u52a1\u5668\u7684\u79c1\u94a5\uff0c\u4ed6\u4eec\u5c31\u53ef\u4ee5\u89e3\u5bc6\u4e4b\u524d\u88ab\u5bc6\u5207\u7684\u901a\u4fe1\u6570\u636e\uff0c\u751a\u81f3\u53ef\u4ee5\u8fdb\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\u3002\n\n\u4e3a\u4e86\u5229\u7528\u8be5\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u9700\u8981\u80fd\u591f\u6295\u8f6e\u670d\u52a1\u5668\u548c\u5ba2\u6237\u7aef\u4e4b\u95f4\u7684 TLS/SSL \u624b\u63e1\u6d41\u91cf\uff0c\u5e76\u8fdb\u884c\u6570\u5b66\u8ba1\u7b97\u3002\u8fd9\u610f\u5473\u7740\u653b\u51fb\u8005\u9700\u8981\u80fd\u591f\u5728\u7f51\u7edc\u4e2d\u8fdb\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\u6216\u8005\u901a\u8fc7\u5176\u4ed6\u65b9\u5f0f\u83b7\u5f97\u624b\u63e1\u6d41\u91cf\u3002\n\n\u4e3a\u4e86\u4fee\u5907\u8be5\u6f0f\u6d1e\uff0cOpenSSL \u5e93\u53d1\u5e03\u4e86\u8865\u7406\u7a0b\u5e8f\uff0c\u63a8\u8350\u7528\u6237\u53ca\u65f6\u66f4\u65b0\u5230\u4fee\u5907\u7248\u672c\u3002\u5916\u52a0\uff0c\u670d\u52a1\u63d0\u4f9b\u8005\u8fd8\u53ef\u4ee5\u91c7\u53d6\u5176\u4ed6\u9632\u62a4\u63aa\u65bd\uff0c\u5982\u4f7f\u7528\u5b8c\u5168\u4e0d\u53d7\u5f71\u54cd\u7684 TLS \u7248\u672c\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u5bc6\u5207\u7b97\u6cd5\u3002\n\n\u603b\u7ed3\u8d77\u6765\uff0cCVE-2016-2183 \u662f\u4e00\u4e2a\u5f71\u54cd OpenSSL \u5e93\u7684\u4fe1\u606f\u6cc1\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u7279\u5236\u7684 TLS/SSL \u624b\u63e1\u8bf7\u6c42\u6765\u83b7\u5f97\u670d\u52a1\u5668\u7aef\u7684\u79c1\u94a5\u4fe1\u606f\u3002\u7528\u6237\u5e94\u53ca\u65f6\u66f4\u65b0\u5230\u4fee\u5907\u7248\u672c\uff0c\u5e76\u91c7\u53d6\u5176\u4ed6\u9632\u62a4\u63aa\u65bd\u6765\u4fdd\u62a4\u670d\u52a1\u5668\u7684\u79c1\u94a5\u5b89\u5168\u3002