Cowboy Webserver using HTTP2 and TLS getting ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY in Chrome
I'm using: Erlang OTP 21 and Cowboy 2.4
Code:
cowboy:start_tls(
    my_listener,
    [
        {port, Web_Server_Port},
        {certfile, Cert_File},
        {keyfile, Key_File}
    ],
    #{env => #{dispatch => dispatcher()}}
)
I'm using this to start the web server, which works fine on HTTP1.1, but now Chrome is using HTTP2 and that can't be disabled. So now I'm receiving:
ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
I also experience a similar problem in Firefox with HTTP2 enabled:
Error code: NS_ERROR_NET_INADEQUATE_SECURITY
but on Firefox I can disable HTTP2. It works fine when HTTP2 is disabled.
I have verified my certificate is good and I get the green lock under HTTP1.1. I have read that HTTP2 is stricter with the ciphers that are used and the order they appear.
Fixing ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY SSL error in Chrome: https://www.jeffgeerling.com/blog/2016/fixing-errspdyinadequatetransportsecurity-ssl-error-chrome
But not sure if that is the problem.
I'm not sure of what ciphers to use, and also not exactly sure how to indicate their use in Cowboy. I have tried adding a cipher option in the options, but this doesn't correct the problem:
{ciphers, [
    {ecdhe_ecdsa,aes_256_cbc,sha384,sha384},
    {ecdhe_rsa,aes_256_cbc,sha384,sha384},
    {ecdh_ecdsa,aes_256_cbc,sha384,sha384},
    {ecdh_rsa,aes_256_cbc,sha384,sha384},
    {dhe_rsa,aes_256_cbc,sha256},
    {dhe_dss,aes_256_cbc,sha256},
    {ecdhe_ecdsa,aes_256_cbc,sha},
    {ecdhe_rsa,aes_256_cbc,sha},
    {dhe_rsa,aes_256_cbc,sha},
    {dhe_dss,aes_256_cbc,sha},
    {ecdh_ecdsa,aes_256_cbc,sha},
    {ecdh_rsa,aes_256_cbc,sha},
    {ecdhe_rsa,aes_128_cbc,sha},
    {dhe_rsa,aes_128_cbc,sha},
    {dhe_dss,aes_128_cbc,sha},
    {ecdh_ecdsa,aes_128_cbc,sha},
    {ecdh_rsa,aes_128_cbc,sha}
]}
Any suggestions on what I'm doing wrong here?
HTTP/2 forbids the use of old ciphers including all the CBC ciphers you have listed.
Enable some GCM ciphers like this, which should be accepted by most browsers:
{ciphers, ["ECDHE-RSA-AES256-GCM-SHA384"]}
Though by default it should allow these.
See here for more information: http://ezgr.net/increasing-security-erlang-ssl-cowboy/
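One way to check a configured cipher list against the HTTP/2 restriction described in the answer, and to derive an acceptable list from the VM defaults. This is an added example, not code from the original question or answer; the module and function names are hypothetical, and the `ssl` calls assume OTP 20.3 or later.

```erlang
%% Added example, not part of the original post. Module and function
%% names are hypothetical; ssl:cipher_suites/2 and
%% ssl:filter_cipher_suites/2 are assumed available (OTP 20.3+).
-module(h2_ciphers).
-export([h2_ok/1, rejected/1, h2_suites/0]).

%% RFC 7540 Appendix A prohibits suites without ephemeral key exchange
%% and suites using null, stream or block (CBC) ciphers. The two lists
%% below are a conservative allowlist drawn from what remains.
-define(KX, [ecdhe_ecdsa, ecdhe_rsa, dhe_rsa, dhe_dss]).
-define(AEAD, [aes_128_gcm, aes_256_gcm, chacha20_poly1305]).

%% Accepts the tuple forms used in the question and the map form
%% returned by ssl:cipher_suites/2.
h2_ok({Kx, Cipher, _Mac}) -> allowed(Kx, Cipher);
h2_ok({Kx, Cipher, _Mac, _Prf}) -> allowed(Kx, Cipher);
h2_ok(#{key_exchange := Kx, cipher := Cipher}) -> allowed(Kx, Cipher).

allowed(Kx, Cipher) ->
    lists:member(Kx, ?KX) andalso lists:member(Cipher, ?AEAD).

%% Suites from a configured list that fail the allowlist check.
rejected(Suites) ->
    [S || S <- Suites, not h2_ok(S)].

%% The VM's default TLS 1.2 suites, narrowed to the allowlist while
%% keeping the default preference order.
h2_suites() ->
    ssl:filter_cipher_suites(
      ssl:cipher_suites(default, 'tlsv1.2'),
      [{key_exchange, fun(Kx) -> lists:member(Kx, ?KX) end},
       {cipher, fun(C) -> lists:member(C, ?AEAD) end}]).
```

Passing `{ciphers, h2_ciphers:h2_suites()}` in the listener options restricts the listener to these suites. Applied to the list in the question, `h2_ciphers:rejected/1` returns every entry, since all of them are CBC suites.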