[GH-ISSUE #3973] 我们安装的FRPS服务被网络信息安全扫描出 TLS协议信息泄露漏洞(CVE-2016-2183)，需要怎么解决？

gitea-mirror commented

2026-05-05 14:02:19 -06:00

Owner

Originally created by @zgh419566 on GitHub (Feb 3, 2024).
Original GitHub issue: https://github.com/fatedier/frp/issues/3973

Describe the feature request

我安装了frps服务，暴露在公网上，之前一直被信安通报主机已失陷（被攻击）
后面通过证书对报文做了TLS加密，终于可以正常使用
现在信安又通报存在TLS协议信息泄露漏洞(CVE-2016-2183)，这种需要怎么解决？

信安的扫描图片如下

Describe alternatives you've considered

网上找到一篇对golang规避该漏洞的方法，供作者参考。

golang CVE-2016-2183漏洞，https需要添加tls设置加密算法CipherSuites白名单，将弱加密算法DES和3DES去掉。

Affected area

Docs
Installation
Performance and Scalability
Security
User Experience
Test and Release
Developer Infrastructure
Client Plugin
Server Plugin
Extensions
Others

Originally created by @zgh419566 on GitHub (Feb 3, 2024). Original GitHub issue: https://github.com/fatedier/frp/issues/3973 ### Describe the feature request 我安装了frps服务，暴露在公网上，之前一直被信安通报主机已失陷（被攻击）后面通过证书对报文做了TLS加密，终于可以正常使用现在信安又通报存在TLS协议信息泄露漏洞(CVE-2016-2183)，这种需要怎么解决？信安的扫描图片如下 ![FRP SSL TLS协议信息泄露漏洞(CVE-2016-2183) ](https://github.com/fatedier/frp/assets/803006/b013e29b-b054-40b7-9037-82da40c6f043) ### Describe alternatives you've considered 网上找到一篇对golang规避该漏洞的方法，供作者参考。 [golang CVE-2016-2183漏洞，https需要添加tls设置加密算法CipherSuites白名单，将弱加密算法DES和3DES去掉。](https://www.cnblogs.com/stjwy/p/17286010.html) ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [X] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror

2026-05-05 14:02:19 -06:00

closed this issue
added the
lifecycle/stale
label

gitea-mirror commented

2026-05-05 14:02:23 -06:00

Author

Owner

@zgh419566 commented on GitHub (Feb 6, 2024):

I fixed this issue
https://blog.csdn.net/zgh419566/article/details/136055490

orce frp use tls1.2 only when set TLS mode
avoid to use 3des algorithm

64-bit block cipher 3DES vulnerable to SWEET32 attack

user can scan it by nmap below:
nmap -sV -p 7000 --script ssl-enum-ciphers x.x.x.x

@zgh419566 commented on GitHub (Feb 6, 2024): I fixed this issue https://blog.csdn.net/zgh419566/article/details/136055490 orce frp use tls1.2 only when set TLS mode avoid to use 3des algorithm 64-bit block cipher 3DES vulnerable to SWEET32 attack user can scan it by nmap below: nmap -sV -p 7000 --script ssl-enum-ciphers x.x.x.x

gitea-mirror commented

2026-05-05 14:02:23 -06:00

Author

Owner

@PaperStrike commented on GitHub (Feb 22, 2024):

Go 1.17+ 应当已经把 DES 从安全套件列表剔除。所以只需要解决 go 为了兼容旧项目默认套件并非安全套件的问题，不需要每个上层开发者维护安全的算法列表。https://github.com/golang/go/issues/41476

base.CipherSuites = tls.CipherSuites() // <- Secure suites only

@PaperStrike commented on GitHub (Feb 22, 2024): Go 1.17+ 应当已经把 DES 从安全套件列表剔除。所以只需要解决 go 为了兼容旧项目默认套件并非安全套件的问题，不需要每个上层开发者维护安全的算法列表。https://github.com/golang/go/issues/41476 ```go base.CipherSuites = tls.CipherSuites() // <- Secure suites only ```

gitea-mirror commented

2026-05-05 14:02:24 -06:00

Author

Owner

@github-actions[bot] commented on GitHub (Mar 15, 2024):

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

@github-actions[bot] commented on GitHub (Mar 15, 2024): Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

gitea-mirror commented

2026-05-05 14:02:26 -06:00

Author

Owner

@feipinxiang commented on GitHub (Jul 1, 2024):

Go 1.17+ 应当已经把 DES 从安全套件列表剔除。所以只需要解决 go 为了兼容旧项目默认套件并非安全套件的问题，不需要每个上层开发者维护安全的算法列表。golang/go#41476
base.CipherSuites = tls.CipherSuites() // <- Secure suites only

frp目前版本0.58.1。只能自己修改代码重新打包是么？

@feipinxiang commented on GitHub (Jul 1, 2024): > Go 1.17+ 应当已经把 DES 从安全套件列表剔除。所以只需要解决 go 为了兼容旧项目默认套件并非安全套件的问题，不需要每个上层开发者维护安全的算法列表。[golang/go#41476](https://github.com/golang/go/issues/41476) > > ```go > base.CipherSuites = tls.CipherSuites() // <- Secure suites only > ``` frp目前版本0.58.1。只能自己修改代码重新打包是么？

gitea-mirror referenced this issue

2026-05-05 14:46:52 -06:00

[PR #3148] [MERGED] remove unsupported platform #4689