当我访问大多数网站时,我已经开始收到此错误-
Microsoft网站,包括MSDN知识库,Lynda.com等



有什么办法可以覆盖这个。我正在使用Chrome 45.0.2454.85 m和Firefox v.40.0.3在传说中的IE上工作正常...

最佳答案

让我们逐步了解

POODLE攻击:

POODLE攻击是一种利用某些浏览器处理加密方式的攻击。 POODLE(在降级的传统加密上填充Oracle)是启用该漏洞的漏洞的名称。

SSL 3已死,被POODLE攻击杀死:

https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack

https://www.us-cert.gov/ncas/alerts/TA14-290A

如何在WebLogic上检查SSL POODLE/SSLv3错误?如何修复

SSL和Weblogic-远程PSAdmin

http://weblogic-wonders.com/weblogic/2014/10/16/check-ssl-poodle-sslv3-bug-weblogic-fix/

http://remotepsadmins.com/2015/01/24/ssl-weblogic/

** Chrome设置为在即将发布的版本中禁用和删除SSLv3

http://www.zdnet.com/article/chrome-set-to-disable-and-remove-sslv3-in-upcoming-releases/

如何解决问题:

升级证书

解决方法:

POODLE在浏览器中禁用SSLv3支持

https://zmap.io/sslv3/browsers.html

For Google Chrome:

1) Create new shortcut for your Chrome on your desktop

(2) Right click and select properties

(3) Look for Shortcut tab and add the following start-up parameter (Target field):

--cipher-suite-blacklist=0x0039,0x0033

Example:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0039,0x0033

4) Click Apply and open your browser from Shortcut

You can also run above line from command window to open Google Chrome.

For Firefox:


(1) In a new tab, type or paste about:config in the address bar and press Enter.

(2) In the search box above the list, type or paste dhe and pause while the list is filtered

(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false

(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false

(5) Restart your browser

关于google-chrome - Chrome 45和Firefox-大多数网站上的ERR_SSL_FALLBACK_BEYOND最低版本,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/32468615/

10-11 22:12