chrome/firefox 访问https站点 NS_ERROR_NET_INADEQUATE_SECURITY 错误

日期 2019-07-18 nginx 作者 aoe 共1评论

在Firefox报的错误是NS_ERROR_NET_INADEQUATE_SECURITY:

Your connection is not secure
The website tried to negotiate an inadequate level of security.

portal.qiniu.com uses security technology that is outdated and
vulnerable to attack. An attacker could easily reveal information
which you thought to be safe. The website administrator will need to
fix the server first before you can visit the site.

Error code: NS_ERROR_NET_INADEQUATE_SECURITY

在Chrome报错为ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY:

无法访问此网站
网址为 https://portal.qiniu.com/ 的网页可能暂时无法连接,或者它已永久性地移动到了新网址。
ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY

解决

nginx server配置修改ssl_ciphers如下:

ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers   on;
仅有一条评论
  1. aoe

    启用http2 以后,感觉速度快了不少,不知道是不是错觉啊


人生在世,错别字在所难免,无需纠正。