Shunze Academy (http://www.shunze.info/forum/index.php)
|- Extreme & Enterasys (http://www.shunze.info/forum/board.php?boardid=31)
|-- [Share] Chrome 45 cannot open NetSight (http://www.shunze.info/forum/threadid.php?boardid=31&threadid=1919)


Author: shunze Posted: 2015-09-11, 09:38:

[Share] Chrome 45 cannot open NetSight

Since the major revision in version 45, Chrome has added a lot of fussy rules,
and even NetSight's JSP web pages are now refused by Chrome because the public key is too short!?
The error message is as follows:

The server has a weak ephemeral Diffie-Hellman public key
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY


For someone like Shunzi, who does not understand JSP, Java or Tomcat, is there a simple way to deal with this?

Shunzi found a method online: by modifying Tomcat's ciphers parameter to enable ECDHE,
the server offers a security level that Chrome accepts, so NetSight can be opened in Chrome.


The modification procedure is as follows.
NetSight's server.xml is located at the path below; open it with an editor.
/usr/local/Extreme_Networks/NetSight/jboss/server/default/deploy/jbossweb-tomcat55.sar/server.xml

Then, in the Connector port="${enterasys.tomcat.https.port}" section around line forty-something, find the ciphers parameter.

The ciphers parameter is originally set as follows:
ciphers="${enterasys.tomcat.ciphers}"

Change this parameter to the following:
ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"

After saving server.xml, reboot;
you will find that Chrome can now open NetSight's JSP pages.


References
https://jamfnation.jamfsoftware.com/article.html?id=384


Author: shunze Posted: 2015-09-16, 14:14:

[Share] Another solution

I found another, more orthodox solution on the official Extreme forum.

In server.xml, the ciphers parameter refers to the parameter setting in NSJBoss.properties,
so rather than changing server.xml, it is more proper to change the source file it refers to, NSJBoss.properties.
Once NSJBoss.properties has been changed, every setting that refers to it takes effect as well, so logically this is not only more orthodox but also more efficient!

The NSJBoss.properties configuration file is located at the path below; open it with an editor.

/usr/local/Extreme_Networks/NetSight/appdata/NSJBoss.properties

Find the enterasys.tomcat.ciphers parameter and change its content from
enterasys.tomcat.ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA

to
enterasys.tomcat.ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_DSS_WITH_AES_128_CBC_SHA

The change above mainly replaces DHE, which Mozilla and Chrome do not support, with ECDH and ECDHE.
Then restore the ciphers parameter in server.xml that was modified earlier,
and finally reboot; Mozilla and Chrome can then browse NetSight's JSP pages.


In addition, NetSight resolved this problem in 6.3.0.162.
If the installed NetSight is version 6.3.0.162 or later, there is no need to fix this problem manually.


References
Can't access Netsight in Firefox 39 due ...fie-Hellman key
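
Added example, not part of the original posts or of NetSight: a Python script that reads the enterasys.tomcat.ciphers line from NSJBoss.properties text and reports, per suite, the key-exchange and cipher properties relevant to the browser error discussed in this thread. The rule list and the function names are assumptions made for illustration, and the sample input is the modified line from the second post, embedded as constructed data.

```python
import re

# Constructed sample: the modified NSJBoss.properties line from the second post.
SAMPLE = (
    "enterasys.tomcat.ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,"
    "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_DSS_WITH_AES_128_CBC_SHA,"
    "TLS_ECDHE_DSS_WITH_AES_128_CBC_SHA\n"
)

# (pattern, finding) pairs chosen for this example; every matching rule is reported.
RULES = [
    (r"^(TLS|SSL)_ECDHE?_DSS_", "not a registered suite name (EC suites use ECDSA or RSA)"),
    (r"^(TLS|SSL)_DHE_", "finite-field DHE: the key exchange behind the weak-DH browser error"),
    (r"^(TLS|SSL)_RSA_", "static RSA key exchange, no forward secrecy"),
    (r"^(TLS|SSL)_ECDH_", "static ECDH, no forward secrecy"),
    (r"_RC4_", "RC4 is prohibited in TLS by RFC 7465"),
    (r"_MD5$", "MD5-based MAC"),
]

def read_ciphers(properties_text, key="enterasys.tomcat.ciphers"):
    """Return the cipher suites listed under `key`, in file order."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if name.strip() == key:
            return [s.strip() for s in value.split(",") if s.strip()]
    return []

def audit(suites):
    """Map each suite to its list of findings (an empty list means no rule matched)."""
    return {s: [msg for pat, msg in RULES if re.search(pat, s)] for s in suites}

def clean_suites(suites):
    """Suites with no findings: candidates to keep when tightening the list."""
    return [s for s, findings in audit(suites).items() if not findings]

if __name__ == "__main__":
    for suite, findings in audit(read_ciphers(SAMPLE)).items():
        print(f"{suite}: {'; '.join(findings) or 'ok'}")
```

Before trimming the list down to the suites without findings, confirm that the Java runtime under NetSight and every client that must connect support them.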
