unigui使用https时,会出现下图的安全问题。
在外国友人帮助下解决了这个安全问题,修复方法如下:
1、UniServerModule.SSL.SSLOptions.SSLVersions:=[sslvTLS1_2];
2、UniServerModule.SSL.SSLOptions.CipherList指定加密算法。
3、ssleay32.dll和libeay32.dll使用最新版本。
UniServerModule:
function GetCipherList(AStrength: Integer): WideString;
const
cCIPHER_LIST_1: WideString = 'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256';
cCIPHER_LIST_2: WideString = 'DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256';
cCIPHER_LIST_3: WideString = 'ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA';
cCIPHER_LIST_4: WideString = 'AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA';
cCIPHER_LIST_5: WideString = 'DES-CBC3-SHA';
begin
case AStrength of
// Advanced Plus (A+)
1: Result := cCIPHER_LIST_1;
// Advanced (A)
2: Result := cCIPHER_LIST_1 + ':' + cCIPHER_LIST_2;
// Broad Compatibility (
3: Result := cCIPHER_LIST_1 + ':' + cCIPHER_LIST_2 + ':' + cCIPHER_LIST_3;
// Widest Compatibility (C)
4: Result := cCIPHER_LIST_1 + ':' + cCIPHER_LIST_2 + ':' + cCIPHER_LIST_3 + ':' + cCIPHER_LIST_4;
// Legacy (C-)
5: Result := cCIPHER_LIST_1 + ':' + cCIPHER_LIST_2 + ':' + cCIPHER_LIST_3 + ':' + cCIPHER_LIST_4 + ':' + cCIPHER_LIST_5;
else
Result := EmptyStr;
end;
end;
procedure TUniServerModule.UniGUIServerModuleCreate(Sender: TObject);
begin
UniServerModule.SSL.SSLOptions.CipherList := GetCipherList(5);
end;
修复后:
