Chrome:没有密码适合incommon

时间:2015-08-13 03:18:42

标签: google-chrome ssl encryption obsolete

此问题仅存在于Chrome中,我可以在Safari,Firefox和IE中https://localhost:8443 上无问题访问我的网址:

我尝试在Chrome中修复“过时的密码”套件警告,因此在我的Jetty配置中删除了所有带有SHA1和MD5的密码套件。这些都是可用的密码套件,我可以在Jetty的DEBUG日志记录中看到。

但是,使用chrome我无法访问该网址,因为它不知道这些密码套件中的任何一个?!为什么以及如何解决这个问题?

这是我的Jetty(版本8.1.16.v20140903)SSL连接器配置:

  <Call name="addConnector">
     <Arg>
       <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
         <Arg>
           <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
             <Set name="keyStore"><SystemProperty name="jetty.home" default=".." />/web/etc/keystore</Set>
             <Set name="keyStorePassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
             <Set name="keyManagerPassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
             <Set name="trustStore"><SystemProperty name="jetty.home" default=".." />/web/etc/keystore</Set>
             <Set name="trustStorePassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
             <Set name="protocol">TLSv1.2</Set>
           </New>
         </Arg>
         <Set name="port">8443</Set>
         <Set name="maxIdleTime">30000</Set>
         <Set name="IncludeCipherSuites">
           <Array type="java.lang.String">
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
            <Item>TLS_EMPTY_RENEGOTIATION_INFO_SCSV</Item>
            <Item>TLS_DH_anon_WITH_AES_128_CBC_SHA256</Item>
            <Item>TLS_RSA_WITH_NULL_SHA256</Item>
             <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</Item>
             <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</Item>
           </Array>
         </Set>
     <Set name="ExcludeCipherSuites">
       <Array type="java.lang.String">
        <Item>SSL_DH_anon_EXPORT_WITH_RC4_40_MD5</Item>
        <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
        <Item>TLS_KRB5_WITH_RC4_128_MD5</Item>
        <Item>TLS_KRB5_WITH_3DES_EDE_CBC_MD5</Item>
        <Item>TLS_KRB5_WITH_DES_CBC_MD5</Item>
        <Item>TLS_KRB5_EXPORT_WITH_RC4_40_MD5</Item>
        <Item>TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5</Item>
        <Item>SSL_RSA_WITH_NULL_MD5</Item>
        <Item>SSL_DH_anon_WITH_RC4_128_MD5</Item>
        <Item>SSL_RSA_WITH_RC4_128_MD5</Item>
         <Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
         <Item>TLS_ECDH_ECDSA_WITH_RC4_128_SHA</Item>
         <Item>TLS_ECDH_RSA_WITH_RC4_128_SHA</Item>
        <Item>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</Item>
        <Item>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
        <Item>SSL_RSA_WITH_3DES_EDE_CBC_SHA</Item>
        <Item>TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA</Item>
        <Item>TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA</Item>
        <Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
        <Item>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</Item>
        <Item>TLS_ECDH_anon_WITH_AES_128_CBC_SHA</Item>
        <Item>TLS_DH_anon_WITH_AES_128_CBC_SHA</Item>
        <Item>TLS_ECDH_anon_WITH_RC4_128_SHA</Item>
        <Item>TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA</Item>
        <Item>SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</Item>
        <Item>TLS_ECDHE_ECDSA_WITH_NULL_SHA</Item>
        <Item>TLS_ECDHE_RSA_WITH_NULL_SHA</Item>
        <Item>SSL_RSA_WITH_NULL_SHA</Item>
        <Item>TLS_ECDH_ECDSA_WITH_NULL_SHA</Item>
        <Item>TLS_ECDH_RSA_WITH_NULL_SHA</Item>
        <Item>TLS_ECDH_anon_WITH_NULL_SHA</Item>
        <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
        <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
        <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
        <Item>SSL_DH_anon_WITH_DES_CBC_SHA</Item>
        <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
        <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
        <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
        <Item>SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA</Item>
        <Item>TLS_KRB5_WITH_RC4_128_SHA</Item>
        <Item>TLS_KRB5_WITH_DES_CBC_SHA</Item>
        <Item>TLS_KRB5_WITH_3DES_EDE_CBC_SHA</Item>
        <Item>TLS_KRB5_EXPORT_WITH_RC4_40_SHA</Item>
        <Item>LS_KRB5_EXPORT_WITH_DES_CBC_40_SHA</Item>
         <Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
         <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
         <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
         <Item>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</Item>
         <Item>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</Item>
         <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
         <Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
         <Item>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</Item>
       </Array>
       </Set>
       </New>
     </Arg>
   </Call>

1 个答案:

答案 0 :(得分:1)

您删除了许多安全密码套件,试图摆脱“过时的密码”消息,但您没有包含任何现代密码套件,可能是因为您的服务器不支持它们。最后,您删除了太多密码,以便某些客户端不再工作。

有关各种浏览器支持的密码的概述,请参阅SSLLabs client test