FIPS 合規性隨著省略號曲線的新增而變得更加複雜,使得此數據表舊版中已啟用 FIPS 模式的數據行誤導。 例如,使用 NIST 橢圓曲線時,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256等加密套件僅符合 FIPS 規範。 若要瞭解 FIPS 模式中將啟用橢圓曲線和加密套件的組合,請參閱選取、組態和使用 TLS 實作指導方針的第 3.3....
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384是TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256是TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA是TLS 1.2、TLS 1.1、TLS 1.0 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA是TLS 1.2、TLS 1.1、TLS 1.0 ...
是tomcat的lib库的问题
enabled-protocols: TLSv1,TLSv1.1,TLSv1.2 ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AE...
Negotiated cipher ECDHE-ECDSA-CHACHA20-POLY1305-OLD, 256 bit ECDH (P-256) Cipher order TLSv1: ECDHE-RSA-AES128-SHA AES128-SHA ECDHE-RSA-AES256-SHA AES256-SHA DES-CBC3-SHA TLSv1.1: ECDHE-RSA-AES128-SHA AES128-SHA ECDHE-RSA-AES256-SHA AES256-SHA ...
ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA DES-CBC3-SHA TLSv1.2支持: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA
ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA DES-CBC3-SHA TLSv1.2 支持: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA DES-CBC3-SHA ECDHE-ECDSA-AES128-GCM-SHA256 ...
SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA...
ciphers ="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES1...
这个问题出现在使用TLS1.3的时候,我假设jdk11默认使用TLS1.3。