華爲SNS交換機（OEM博科FC交換機）Fabric OS: v 8版本後通過https方式瀏覽器訪問交換機Webtools顯示沒有匹配的加密算法套件的解決辦法

1、通過火狐瀏覽器訪問時提示：連接 10.77.77.77 時發生錯誤。 無法安全地與對等端通信：沒有雙方共用的加密算法。 錯誤代碼: SSL_ERROR_NO_CYPHER_OVERLAP

 

 

2、處理過程

通過命令seccryptocfg --show查看交換機的TLS加密算法套件：

--------------------------------------------------------------------------------------------------------

SNS2624_D12:admin> seccryptocfg --show
SSH Crypto:
SSH Cipher : aes128-ctr,aes192-ctr,aes256-ctr
SSH Kex : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSH MAC : hmac-sha1,hmac-sha2-256,hmac-sha2-512
TLS Ciphers:
HTTPS : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM:!SSLv3
RADIUS : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
LDAP : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
SYSLOG : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
TLS Protocol:
HTTPS : Any
RADIUS : Any
LDAP : Any
SYSLOG : Any
X509v3:
Validation : Basic
SNS2624_D12:admin>

--------------------------------------------------------------------------------------------------------

可見是配置了過強的加密算法套件。

2、登陸交換機改成general的加密算法再試就好了（博科出廠的時候8.1.0b版本默認設置爲了strong的算法模板）：
seccryptocfg --apply default_generic

--------------------------------------------------------------------------------------------------------

SNS2624_D12:admin> seccryptocfg --apply default_generic
Validating....
Applying...

Template configurations applied successfully
SNS2624_D12:admin>

--------------------------------------------------------------------------------------------------------

3、再次查看：

--------------------------------------------------------------------------------------------------------

SNS2624_D12:admin> seccryptocfg --show
SSH Crypto:
SSH Cipher : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH Kex : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSH MAC : hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512
TLS Ciphers:
HTTPS : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
RADIUS : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
LDAP : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
SYSLOG : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
TLS Protocol:
HTTPS : Any
RADIUS : Any
LDAP : Any
SYSLOG : Any
X509v3:
Validation : Basic
SNS2624_D12:admin>

--------------------------------------------------------------------------------------------------------

SNS2624_D12:admin> seccryptocfg --lstemplates

List of templates:
default_generic                           ##general的加密算法成爲第一行，說明已經改好了
default_fips
default_cc
default_strong

--------------------------------------------------------------------------------------------------------

4、再次嘗試：

 

已經可以正常訪問，就可以通過java工具管理了