[PR #562] fix: SSL/TLS协议信息泄露漏洞(CVE-2016-2183) #564

New issue

Open

opened 2026-02-27 23:17:27 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 23:17:27 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/snail007/goproxy/pull/562
Author: @zhaojiejoe
Created: 5/15/2024
Status: 🔄 Open

Base: master ← Head: master

📝 Commits (1)

9f183c1 fix: SSL/TLS协议信息泄露漏洞(CVE-2016-2183)

📊 Changes

1 file changed (+11 additions, -0 deletions)

View changed files

📝 utils/functions.go (+11 -0)

📄 Description

Start:
goproxy tbridge -p :3408 -C /etc/proxy/proxy.crt -K /etc/proxy/proxy.key

Before fix：
nmap -p 3408 --script ssl-enum-ciphers 127.0.0.1
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-15 17:22 CST Nmap scan report for localhost (127.0.0.1)
Host is up (0.00013s latency).

After fix:
nmap -p 3408 --script ssl-enum-ciphers 127.0.0.1
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-15 17:31 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00010s latency).

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/snail007/goproxy/pull/562 **Author:** [@zhaojiejoe](https://github.com/zhaojiejoe) **Created:** 5/15/2024 **Status:** 🔄 Open **Base:** `master` ← **Head:** `master` --- ### 📝 Commits (1) - [`9f183c1`](https://github.com/snail007/goproxy/commit/9f183c1f6aaf3acfc979dbf019ae8753b6fc6b0e) fix: SSL/TLS协议信息泄露漏洞(CVE-2016-2183) ### 📊 Changes **1 file changed** (+11 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `utils/functions.go` (+11 -0) </details> ### 📄 Description Start: goproxy tbridge -p :3408 -C /etc/proxy/proxy.crt -K /etc/proxy/proxy.key Before fix： nmap -p 3408 --script ssl-enum-ciphers 127.0.0.1 Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-15 17:22 CST Nmap scan report for localhost (127.0.0.1) Host is up (0.00013s latency). PORT STATE SERVICE 3408/tcp open BESApi | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | compressors: | NULL | cipher preference: server | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | TLSv1.1: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | compressors: | NULL | cipher preference: server | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | compressors: | NULL | cipher preference: server | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack |_ least strength: C After fix: nmap -p 3408 --script ssl-enum-ciphers 127.0.0.1 Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-15 17:31 CST Nmap scan report for localhost (127.0.0.1) Host is up (0.00010s latency). PORT STATE SERVICE 3408/tcp open BESApi | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.1: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server |_ least strength: A --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>