0
我正在使用Java 8和来自GoDaddy的SSL证书配置Jetty 9.3.x服务器。完成文档工作后,我的SSL服务器上可以运行SSL,并且可以通过Internet Explorer和Chrome中的SSL进行连接。但是,使用Firefox时,我无法连接到服务器。无法使用Firefox通过SSL连接到Jetty 9服务器50
我得到的错误SSL_ERROR_NO_CYPHER_OVERLAP
我已经尝试调整各种设置,但什么也没有为我工作。
后,我决定让他们谈论的调试,得到了以下支持的密码:
02:17:06,989 [main] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Selected Protocols [TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
02:17:06,989 [main] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Selected Ciphers [TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256] of [TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_DH_anon_WITH_AES_128_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, SSL_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
此外,Chrome浏览器连接(作品)
02:41:43,503 [qtp451111351-19] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Customize 13196d35[SSLEngine[hostname=24.205.233.242 port=54796] SSL_NULL_WITH_NULL_NULL]
02:41:43,518 [qtp451111351-19] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Customize 1e9077dd[SSLEngine[hostname=24.205.233.242 port=54797] SSL_NULL_WITH_NULL_NULL]
02:41:43,525 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Customize 3924a409[SSLEngine[hostname=24.205.233.242 port=54793] SSL_NULL_WITH_NULL_NULL]
02:41:43,525 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Customize 31f0632a[SSLEngine[hostname=24.205.233.242 port=54795] SSL_NULL_WITH_NULL_NULL]
02:41:43,526 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com
02:41:43,526 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matched megabeeqa.carriersoft.com->[email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com])
02:41:43,527 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com
02:41:43,527 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matched megabeeqa.carriersoft.com->[email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com])
02:41:43,519 [qtp451111351-18] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Customize 2520f47c[SSLEngine[hostname=24.205.233.242 port=54794] SSL_NULL_WITH_NULL_NULL]
02:41:43,528 [qtp451111351-10] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com
02:41:43,528 [qtp451111351-10] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matched megabeeqa.carriersoft.com->[email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com])
02:41:43,519 [qtp451111351-14] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com
02:41:43,528 [qtp451111351-14] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matched megabeeqa.carriersoft.com->[email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com])
02:41:43,529 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Matched megabeeqa.carriersoft.com with [email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft]
02:41:43,530 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Chose alias carriersoft/RSA on 3924a409[SSLEngine[hostname=24.205.233.242 port=54793] SSL_NULL_WITH_NULL_NULL]
02:41:43,529 [qtp451111351-15] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com
02:41:43,531 [qtp451111351-15] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matched megabeeqa.carriersoft.com->[email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com])
02:41:43,530 [qtp451111351-10] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Matched megabeeqa.carriersoft.com with [email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft]
02:41:43,531 [qtp451111351-10] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Chose alias carriersoft/RSA on 2520f47c[SSLEngine[hostname=24.205.233.242 port=54794] SSL_NULL_WITH_NULL_NULL]
02:41:43,531 [qtp451111351-15] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Matched megabeeqa.carriersoft.com with [email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft]
02:41:43,531 [qtp451111351-15] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Chose alias carriersoft/RSA on 1e9077dd[SSLEngine[hostname=24.205.233.242 port=54797] SSL_NULL_WITH_NULL_NULL]
02:41:43,530 [qtp451111351-14] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Matched megabeeqa.carriersoft.com with [email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft]
02:41:43,531 [qtp451111351-14] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Chose alias carriersoft/RSA on 13196d35[SSLEngine[hostname=24.205.233.242 port=54796] SSL_NULL_WITH_NULL_NULL]
02:41:43,530 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Matched megabeeqa.carriersoft.com with [email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft]
02:41:43,532 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Chose alias carriersoft/RSA on 31f0632a[SSLEngine[hostname=24.205.233.242 port=54795] SSL_NULL_WITH_NULL_NULL]
时与FireFox连接时,我只能在日志中获得以下输出:
02:40:55,459 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Customize 2223aad3[SSLEngine[hostname=24.205.233.242 port=54783] SSL_NULL_WITH_NULL_NULL]
02:40:55,465 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com
02:40:55,465 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matched megabeeqa.carriersoft.com->[email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com])
对我来说,这似乎是一个很好的密码集,任何人都可以帮助确定我的问题,并帮助我启用Firefox将接受的密码?
您可以在Firefox中使用'about:config'页面并筛选*安全性**,以查看您是否对SSL/TLS设置进行了任何更改。寻找“'security.tls.version.min'”和“'security.tls.version.max'”等等。 – Andy
security.tls.version.min = 1和security.tls.version.max = 3,我认为服务器允许的TLS版本属于这个范围。 –