无法建立安全连接,因为此站点使用不受支持的协议

时间:2016-01-05 06:07:55

标签: java tomcat ssl nginx ssl-certificate

我无法将我的http请求发送到https请求。我的服务器域名是myservers.com。我的前辈(离开办公室)从 comodo RSA域验证安全服务器CA 带来了通配证ssl证书。当我使用https://myservers.com时它工作正常,它显示默认页面。现在我的MD在服务器上安装了tomcat并告诉我将其设为https。所以我将我的war文件上传到webapps并且工作正常http://myservers.com:8080/。但是https://myservers.com:8443/显示此网页不可用 ERR_SSL_VERSION_OR_CIPHER_MISMATCH时效果不佳。 所有证书都可在etc / nginx / ssl。

位置获得

这是我的server.xml

<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" /> 

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="200" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/nginx/ssl/domain.keystore" keystorePass="changeit"/>

在我的搜索中,我找到了这两个文件 1)myservers.com - 在位置 - etc / nginx / sites-available 2)myservers.com - 位置 - etc / nginx / sites-enabled

两个文件都包含相同的代码

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

        listen 443 ssl;

    root /var/www/myservers.com/html;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name myappdemo.com;
        ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/myservers.com.key;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

请帮助以找出问题

1 个答案:

答案 0 :(得分:0)

只需在&#34; ssl_certificate_key&#34;之后添加这3行。解决问题:

ssl_ciphers HIGH:!ADH:!MD5:!aNULL:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
祝你好运!