2017-01-13 13 views
0

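Cannot connect to a Jetty 9 server over SSL with Firefox

I am setting up a Jetty 9.3.x server on Java 8 with an SSL certificate from GoDaddy. After working through the documentation, I have SSL running on my server and can connect over SSL with Internet Explorer and Chrome. With Firefox, however, I cannot connect to the server.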

I get the error SSL_ERROR_NO_CYPHER_OVERLAP. I have tried tweaking various settings, but nothing has worked for me.

After reading https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites I decided to enable the debugging they talk about, and got the following supported ciphers:

02:17:06,989 [main] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Selected Protocols [TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2] 
02:17:06,989 [main] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Selected Ciphers [TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256] of [TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_DH_anon_WITH_AES_128_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, SSL_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5] 

Further, when connecting with Chrome (which works):

02:41:43,503 [qtp451111351-19] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Customize 13196d35[SSLEngine[hostname=24.205.233.242 port=54796] SSL_NULL_WITH_NULL_NULL] 
02:41:43,518 [qtp451111351-19] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Customize 1e9077dd[SSLEngine[hostname=24.205.233.242 port=54797] SSL_NULL_WITH_NULL_NULL] 
02:41:43,525 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Customize 3924a409[SSLEngine[hostname=24.205.233.242 port=54793] SSL_NULL_WITH_NULL_NULL] 
02:41:43,525 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Customize 31f0632a[SSLEngine[hostname=24.205.233.242 port=54795] SSL_NULL_WITH_NULL_NULL] 
02:41:43,526 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com 
02:41:43,526 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matched megabeeqa.carriersoft.com->[email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) 
02:41:43,527 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com 
02:41:43,527 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matched megabeeqa.carriersoft.com->[email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) 
02:41:43,519 [qtp451111351-18] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Customize 2520f47c[SSLEngine[hostname=24.205.233.242 port=54794] SSL_NULL_WITH_NULL_NULL] 
02:41:43,528 [qtp451111351-10] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com 
02:41:43,528 [qtp451111351-10] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matched megabeeqa.carriersoft.com->[email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) 
02:41:43,519 [qtp451111351-14] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com 
02:41:43,528 [qtp451111351-14] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matched megabeeqa.carriersoft.com->[email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) 
02:41:43,529 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Matched megabeeqa.carriersoft.com with [email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft] 
02:41:43,530 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Chose alias carriersoft/RSA on 3924a409[SSLEngine[hostname=24.205.233.242 port=54793] SSL_NULL_WITH_NULL_NULL] 
02:41:43,529 [qtp451111351-15] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com 
02:41:43,531 [qtp451111351-15] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matched megabeeqa.carriersoft.com->[email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) 
02:41:43,530 [qtp451111351-10] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Matched megabeeqa.carriersoft.com with [email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft] 
02:41:43,531 [qtp451111351-10] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Chose alias carriersoft/RSA on 2520f47c[SSLEngine[hostname=24.205.233.242 port=54794] SSL_NULL_WITH_NULL_NULL] 
02:41:43,531 [qtp451111351-15] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Matched megabeeqa.carriersoft.com with [email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft] 
02:41:43,531 [qtp451111351-15] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Chose alias carriersoft/RSA on 1e9077dd[SSLEngine[hostname=24.205.233.242 port=54797] SSL_NULL_WITH_NULL_NULL] 
02:41:43,530 [qtp451111351-14] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Matched megabeeqa.carriersoft.com with [email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft] 
02:41:43,531 [qtp451111351-14] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Chose alias carriersoft/RSA on 13196d35[SSLEngine[hostname=24.205.233.242 port=54796] SSL_NULL_WITH_NULL_NULL] 
02:41:43,530 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Matched megabeeqa.carriersoft.com with [email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft] 
02:41:43,532 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager - Chose alias carriersoft/RSA on 31f0632a[SSLEngine[hostname=24.205.233.242 port=54795] SSL_NULL_WITH_NULL_NULL] 

When connecting with Firefox, I only see the following output in the log:

02:40:55,459 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - Customize 2223aad3[SSLEngine[hostname=24.205.233.242 port=54783] SSL_NULL_WITH_NULL_NULL] 
02:40:55,465 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com 
02:40:55,465 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory - SNI matched megabeeqa.carriersoft.com->[email protected](carriersoft,h=[carriersoft.com],w=[carriersoft.com]) 

That looks like a good set of ciphers to me. Can anyone help me identify my problem and enable ciphers that Firefox will accept?

+0

You can use the 'about:config' page in Firefox and filter on security.* to check whether you have changed any SSL/TLS settings. Look for 'security.tls.version.min' and 'security.tls.version.max'. – Andy

+0

security.tls.version.min = 1 and security.tls.version.max = 3; I think the TLS versions the server allows are within these bounds. –

Answers

1

The problem here was the version of Java I was using. It was 1.8, but it was update 91, and later versions had the right cipher combinations.

+0

Thank you! Saved me a lot of time... –

+0

Glad it helped; I lost a lot of time on this issue, pulling my hair out. –
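
An added diagnostic, not part of the original thread: it compares a client's offered cipher suites with the four suites Jetty logged as "Selected Ciphers" in the question and with what the running JVM provides, which is the comparison behind SSL_ERROR_NO_CYPHER_OVERLAP and the Java-update answer. The CLIENT_OFFER list is a constructed sample rather than Firefox's actual list, and the class name CipherOverlap is illustrative.

```java
import java.util.*;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class CipherOverlap {
    // Constructed sample of what a client might offer in its ClientHello
    // (an assumption; replace with the list captured from the real browser).
    static final List<String> CLIENT_OFFER = Arrays.asList(
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA");

    // The four suites Jetty logged as "Selected Ciphers" in the question.
    static final List<String> JETTY_SELECTED = Arrays.asList(
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256");

    // JSSE names some older suites SSL_*, while IANA/browser names use TLS_*.
    static String normalize(String suite) {
        return suite.startsWith("SSL_") ? "TLS_" + suite.substring(4) : suite;
    }

    // Suites common to both sides, in the client's preference order.
    static List<String> overlap(Collection<String> server, List<String> client) {
        Set<String> names = new HashSet<>();
        for (String s : server) names.add(normalize(s));
        List<String> common = new ArrayList<>();
        for (String c : client) if (names.contains(normalize(c))) common.add(c);
        return common;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        List<String> supported = Arrays.asList(engine.getSupportedCipherSuites());
        List<String> enabled = Arrays.asList(engine.getEnabledCipherSuites());
        System.out.println("java.version: " + System.getProperty("java.version"));
        // An empty list here is the condition the browser reports as no overlap.
        System.out.println("client vs Jetty's selected: " + overlap(JETTY_SELECTED, CLIENT_OFFER));
        // These two show whether the JVM itself could supply a matching suite.
        System.out.println("client vs JVM enabled:      " + overlap(enabled, CLIENT_OFFER));
        System.out.println("client vs JVM supported:    " + overlap(supported, CLIENT_OFFER));
    }
}
```

Running it under the JVM that hosts Jetty, before and after a Java update, shows whether the update changes the suites available to match the client.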
