google-chrome - Chrome45 和 Firefox - 大多数网站上的 ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION

Question

当我访问大多数网站时，我开始收到此错误 - 微软网站包括。 MSDN 知识库、Lynda.com 等

SSL server probably obsolete. ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION Unable to connect securely to the server. This website may have worked previously, but there is a problem with the server. Connecting to such sites weakens security for all users and thus has been disabled.

有什么方法可以覆盖它。我正在使用 Chrome 45.0.2454.85 m 和 Firefox v.40.0.3 在传说中的 IE 上运行良好...叹息

Answer 1

让我们一步步理解

Poodle 攻击:

POODLE 攻击是一种利用某些浏览器处理加密的方式的攻击。 POODLE(Padding Oracle On Downgraded Legacy Encryption)是启用该漏洞利用的漏洞的名称。

SSL 3 已死，被 POODLE 攻击杀死:

https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack

https://www.us-cert.gov/ncas/alerts/TA14-290A

如何检查 WebLogic 上的 SSL POODLE/SSLv3 错误？如何修复

SSL 和 Weblogic - 远程 PSAdmin

http://weblogic-wonders.com/weblogic/2014/10/16/check-ssl-poodle-sslv3-bug-weblogic-fix/

http://remotepsadmins.com/2015/01/24/ssl-weblogic/

**Chrome 设置为在即将发布的版本中禁用和删除 SSLv3

http://www.zdnet.com/article/chrome-set-to-disable-and-remove-sslv3-in-upcoming-releases/

如何解决问题:

升级证书

解决方法:

POODLE 在浏览器中禁用 SSLv3 支持

https://zmap.io/sslv3/browsers.html

For Google Chrome:

1) Create new shortcut for your Chrome on your desktop

(2) Right click and select properties

(3) Look for Shortcut tab and add the following start-up parameter (Target field):

--cipher-suite-blacklist=0x0039,0x0033

Example: 

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0039,0x0033

4) Click Apply and open your browser from Shortcut

You can also run above line from command window to open Google Chrome.

For Firefox:


(1) In a new tab, type or paste about:config in the address bar and press Enter. 

(2) In the search box above the list, type or paste dhe and pause while the list is filtered

(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false 

(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false 

(5) Restart your browser