 ¡m¤À¨É¡nChrome45µLªk¶}±ÒNetSight |       |
Chrome¦b¤j§ïª©ªº45ª©¤§«á¡A¦h¤F«Ü¦hÀtÀt¤ò¤òªº³W©w¡A
³sNetSightªºJSP web¶±¤]³£¦] ¤½¶}ª÷Æ_ªø«×¤£¨¬¡A¦Ó³QChrome©Úµ´°õ¦æ¡I¡H
¿ù»~°T®§¦p¤U¡G
¦øªA¾¹ªº¼È®É Diffie-Hellman ¤½¶}ª÷Æ_¤£¨¬
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
¹ï©ó¹³¶¶¤l³o¼Ë¤£À´JSP¡AJAVA¡ATomcatªº¤H¡A¦³¨S¦³¤°»ò²³æªº¤èªk¥i¥H³B²z©O¡H
¶¶¤lºô¸ô¤W§ä¨ì¤@Ó¤èªk¡A³z¹Lקïtomcatªº ciphers °Ñ¼Æ¡A±Ò¥ÎECDHE¡A
´£¨Ñ¤FChrome¥i¥H±µ¨üªº¦w¥þ©Êµ¥¯Å¡AÅýNetSight¥i¥H³QChrome°õ¦æ¡C
קï¬yµ{¦p¤U¡A
NetSightªº server.xml ¦ì©ó¦p¤Uªº¸ô®|¤¤¡A½Ð¥H½s¿è¤u¨ã¶}±Ò¡C
/usr/local/Extreme_Networks/NetSight/jboss/server/default/deploy/jbossweb-tomcat55.sar/server.xml
µM«á¦b40´X¦æªº Connector port="${enterasys.tomcat.https.port}" °Ï¬q¤¤¡A§ä¨ì ciphers °Ñ¼Æ¡C
ciphers °Ñ¼Æ쥻³]©w¦p¤U¡G
ciphers="${enterasys.tomcat.ciphers}"
±N¦¹°Ñ¼Æקאּ¦p¤U¡G
ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"
±N server.xml ¦sÀÉ«á¡A«¶}¾÷¡F
±z´N·|µo²{Chrome¤v¥i¥H¶}±ÒNetSightªºJSP¶±¤F¡ã
°Ñ¦Ò¸ê®Æ
https://jamfnation.jamfsoftware.com/article.html?id=384
♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã
If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!
|
2015-09-11, 09:38
¡m¤À¨É¡n¥t¤@ӸѪk