1、通過火狐瀏覽器訪問時提示:連接 10.77.77.77 時發生錯誤。 無法安全地與對等端通信:沒有雙方共用的加密算法。 錯誤代碼: SSL_ERROR_NO_CYPHER_OVERLAP
2、處理過程
通過命令seccryptocfg --show查看交換機的TLS加密算法套件:
--------------------------------------------------------------------------------------------------------
SNS2624_D12:admin> seccryptocfg --show
SSH Crypto:
SSH Cipher : aes128-ctr,aes192-ctr,aes256-ctr
SSH Kex : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSH MAC : hmac-sha1,hmac-sha2-256,hmac-sha2-512
TLS Ciphers:
HTTPS : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM:!SSLv3
RADIUS : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
LDAP : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
SYSLOG : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
TLS Protocol:
HTTPS : Any
RADIUS : Any
LDAP : Any
SYSLOG : Any
X509v3:
Validation : Basic
SNS2624_D12:admin>
--------------------------------------------------------------------------------------------------------
可見是配置了過強的加密算法套件。
2、登陸交換機改成general的加密算法再試就好了(博科出廠的時候8.1.0b版本默認設置爲了strong的算法模板):
seccryptocfg --apply default_generic
--------------------------------------------------------------------------------------------------------
SNS2624_D12:admin> seccryptocfg --apply default_generic
Validating....
Applying...
Template configurations applied successfully
SNS2624_D12:admin>
--------------------------------------------------------------------------------------------------------
3、再次查看:
--------------------------------------------------------------------------------------------------------
SNS2624_D12:admin> seccryptocfg --show
SSH Crypto:
SSH Cipher : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH Kex : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSH MAC : hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512
TLS Ciphers:
HTTPS : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
RADIUS : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
LDAP : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
SYSLOG : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
TLS Protocol:
HTTPS : Any
RADIUS : Any
LDAP : Any
SYSLOG : Any
X509v3:
Validation : Basic
SNS2624_D12:admin>
--------------------------------------------------------------------------------------------------------
SNS2624_D12:admin> seccryptocfg --lstemplates
List of templates:
default_generic ##general的加密算法成爲第一行,說明已經改好了
default_fips
default_cc
default_strong
--------------------------------------------------------------------------------------------------------
4、再次嘗試:
已經可以正常訪問,就可以通過java工具管理了