Shunze ¾Ç¶é >¸ê°T³]³Æ±M°Ï >Extreme & Enterasys > ¡m¤À¨É¡nChrome45µLªk¶}±ÒNetSight «¢Åo¡AÁÙ¨S¦³µù¥U©ÎªÌµn¤J¡C½Ð§A[µù¥U|µn¤J]
« ¤W¤@½g¥DÃD ¤U¤@½g¥DÃD » Åã¥Ü¦¨¦C¦L¼Ò¦¡ | ¼W¥[¨ì§Úªº³Ì·R
µoªí·s¥DÃD µoªí¦^ÂÐ
§@ªÌ
¥DÃD
shunze
¤u¤Í§B§B


µù¥U¤é´Á: 2002 04
¨Ó¦Û: ¼é¦Á²×¤î¤§¦a
¤å³¹: 2370

shunze Â÷½u
¡m¤À¨É¡nChrome45µLªk¶}±ÒNetSight¤Þ¥Î¦^ÂÐ ½s¿è/§R°£¤å³¹ ·j´M¥Ñ  µoªíªº¨ä¥L¤å³¹ ¦^³øµ¹ª©¥D IP ¦ì¸m ¦^¦¹­¶³Ì¤W¤è

Chrome¦b¤j§ïª©ªº45ª©¤§«á¡A¦h¤F«Ü¦hÀtÀt¤ò¤òªº³W©w¡A
³sNetSightªºJSP web­¶­±¤]³£¦] ¤½¶}ª÷Æ_ªø«×¤£¨¬¡A¦Ó³QChrome©Úµ´°õ¦æ¡I¡H
¿ù»~°T®§¦p¤U¡G

¦øªA¾¹ªº¼È®É Diffie-Hellman ¤½¶}ª÷Æ_¤£¨¬
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY


¹ï©ó¹³¶¶¤l³o¼Ë¤£À´JSP¡AJAVA¡ATomcatªº¤H¡A¦³¨S¦³¤°»ò²³æªº¤èªk¥i¥H³B²z©O¡H

¶¶¤lºô¸ô¤W§ä¨ì¤@­Ó¤èªk¡A³z¹L­×§ïtomcatªº ciphers °Ñ¼Æ¡A±Ò¥ÎECDHE¡A
´£¨Ñ¤FChrome¥i¥H±µ¨üªº¦w¥þ©Êµ¥¯Å¡AÅýNetSight¥i¥H³QChrome°õ¦æ¡C


­×§ï¬yµ{¦p¤U¡A
NetSightªº server.xml ¦ì©ó¦p¤Uªº¸ô®|¤¤¡A½Ð¥H½s¿è¤u¨ã¶}±Ò¡C
/usr/local/Extreme_Networks/NetSight/jboss/server/default/deploy/jbossweb-tomcat55.sar/server.xml

µM«á¦b40´X¦æªº Connector port="${enterasys.tomcat.https.port}" °Ï¬q¤¤¡A§ä¨ì ciphers °Ñ¼Æ¡C

ciphers °Ñ¼Æ­ì¥»³]©w¦p¤U¡G
ciphers="${enterasys.tomcat.ciphers}"

±N¦¹°Ñ¼Æ­×§ï¬°¦p¤U¡G
ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"

±N server.xml ¦sÀÉ«á¡A­«¶}¾÷¡F
±z´N·|µo²{Chrome¤v¥i¥H¶}±ÒNetSightªºJSP­¶­±¤F¡ã


°Ñ¦Ò¸ê®Æ
https://jamfnation.jamfsoftware.com/article.html?id=384



♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!




2015-09-11, 09:38 shunze ªº­Ó¤H¸ê®Æ §â shunze ¥[¤J¦n¤Í¦Cªí µo°eEmailµ¹ shunze ÂsÄý shunze ªººô¯¸ MSN : shunze@gmail.com
shunze
¤u¤Í§B§B


µù¥U¤é´Á: 2002 04
¨Ó¦Û: ¼é¦Á²×¤î¤§¦a
¤å³¹: 2370

shunze Â÷½u
¡m¤À¨É¡n¥t¤@­Ó¸Ñªk¤Þ¥Î¦^ÂÐ ½s¿è/§R°£¤å³¹ ·j´M¥Ñ  µoªíªº¨ä¥L¤å³¹ ¦^³øµ¹ª©¥D IP ¦ì¸m ¦^¦¹­¶³Ì¤W¤è

¦b Extreme©x¤è½×¾Â §ä¨ì¥t¤@­Ó¤ñ¸û¥¿²Îªº¸Ñªk¡C

¥Ñ©óserver.xmlùØ¡Aciphers°Ñ¼Æ¬O°Ñ·Ó NSJBoss.properties ¤¤ªº°Ñ¼Æ³]©w¡A
©Ò¥H§ïserver.xmlÁÙ¤£¦p§ï°Ñ·Óªº­ì©lÀÉ NSJBoss.properties ¨Óªº¥¿²Î¡C
¤@¥¹ NSJBoss.properties §ï¦n¤F¡A©Ò¦³°Ñ·Ó¥¦ªº³]©w¤]³£¤@¨Ö¥Í®Ä¡A´NÅÞ¿è¤W¨Ó¤£¶È¤ñ¸û¥¿²Î¡A¦Ó¥B¤]¤ñ¸û¦³®Ä²v¡I

NSJBoss.properties ³]©wÀɦì©ó¦p¤Uªº¸ô®|¤¤¡A½Ð¥H½s¿è¤u¨ã¶}±Ò¡C

/usr/local/Extreme_Networks/NetSight/appdata/NSJBoss.properties

§ä¨ì enterasys.tomcat.ciphers °Ñ¼Æ¡A±N¤º®e¥Ñ
enterasys.tomcat.ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA

­×§ï¬°
enterasys.tomcat.ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_DSS_WITH_AES_128_CBC_SHA

¤W­z­×§ï¥D­n´N¬O±NMozilla»PChrome©Ò¤£¤ä´©ªº DHE §ï¬° ECDH ¤Î ECDHE¡A
µM«á±N¤§«e­×§ïªºserver.xmlùتº ciphers °Ñ¼ÆÁÙ­ì¡A
³Ì«á¦A­«¶}¾÷¡AMozilla»PChrome´N¥i¥HÂsÄýNetSightªºJSP­¶­±Åo¡ã


¥t¥~¡ANetSight¤w©ó6.3.0.162¸Ñ¨M¦¹°ÝÃD¤F¡C
­Y¦w¸Ëªº¬O6.3.0.162ª©¤W¥H¤WªºNetSight¡A´N¤£»Ý¤â°Ê­×¥¿¦¹°ÝÃD¤F¡C


°Ñ¦Ò¸ê®Æ
Can't access Netsight in Firefox 39 due ...fie-Hellman key



♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!




2015-09-16, 14:14 shunze ªº­Ó¤H¸ê®Æ §â shunze ¥[¤J¦n¤Í¦Cªí µo°eEmailµ¹ shunze ÂsÄý shunze ªººô¯¸ MSN : shunze@gmail.com
  « ¤W¤@½g¥DÃD ¤U¤@½g¥DÃD »
µoªí·s¥DÃD µoªí¦^ÂÐ
¸õ¨ì:

Powered by: Burning Board 1.1.1 2001 WoltLab GbR