我已经从Namecheap购买了SSL Cretified SSL。现在我在https://www.djdanni.com和2 othhere网站上有它,但我总是在所有3上得到 SSL连接错误。这是什么?我在Windows 7旗舰版上使用Wamp Server和OpenSSL。我该如何解决?
这是来自我的http-vhost.conf
NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.djdanni.com
ServerAlias www.djdanni.com
DocumentRoot L:/wamp/www
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "L:/wamp/bin/apache/Apache2.2.21/conf/15929333repl_1.crt"
SSLCertificateKeyFile "L:/wamp/bin/apache/Apache2.2.21/conf/www.djdanni.com.key"
SSLCACertificateFile "L:/wamp/bin/apache/Apache2.2.21/conf/Bundle.crt"
ErrorLog L:/wamp/Weblog/minirvinir.com/ssl/1/error_log.log
TransferLog L:/wamp/Weblog/minirvinir.com/ssl/1/access_log.log
LogFormat combined
<Directory "L:/wamp/www/">
SSLOptions +StdEnvVars
</Directory>
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
<VirtualHost *:443>
ServerName www.minirvinir.com
ServerAlias www.minirvinir.com
DocumentRoot L:/wamp/www/websocial
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "L:/wamp/bin/apache/Apache2.2.21/conf/15929333repl_1.crt"
SSLCertificateKeyFile "L:/wamp/bin/apache/Apache2.2.21/conf/www.djdanni.com.key"
SSLCACertificateFile "L:/wamp/bin/apache/Apache2.2.21/conf/Bundle.crt"
ErrorLog L:/wamp/Weblog/minirvinir.com/ssl/2/error_log.log
TransferLog L:/wamp/Weblog/minirvinir.com/ssl/2/access_log.log
LogFormat combined
<Directory "L:/wamp/www/websocial">
SSLOptions +StdEnvVars
</Directory>
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
<VirtualHost *:443>
ServerName www.kruttin.com
ServerAlias www.kruttin.com
DocumentRoot L:/wamp/www/voffapeysur.com
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "L:/wamp/bin/apache/Apache2.2.21/conf/15929333repl_1.crt"
SSLCertificateKeyFile "L:/wamp/bin/apache/Apache2.2.21/conf/www.djdanni.com.key"
SSLCACertificateFile "L:/wamp/bin/apache/Apache2.2.21/conf/Bundle.crt"
ErrorLog L:/wamp/Weblog/minirvinir.com/ssl/3/error_log.log
TransferLog L:/wamp/Weblog/minirvinir.com/ssl/3/access_log.log
LogFormat combined
<Directory "L:/wamp/www/voffapeysur.com">
SSLOptions +StdEnvVars
</Directory>
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
<VirtualHost *:443>
ServerName www.djdanni.com
ServerAlias www.djdanni.com
DocumentRoot L:/wamp/www
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "L:/wamp/bin/apache/Apache2.2.21/conf/15929333repl_1.crt"
SSLCertificateKeyFile "L:/wamp/bin/apache/Apache2.2.21/conf/www.djdanni.com.key"
SSLCACertificateFile "L:/wamp/bin/apache/Apache2.2.21/conf/Bundle.crt"
ErrorLog L:/wamp/Weblog/minirvinir.com/ssl/1/error_log.log
TransferLog L:/wamp/Weblog/minirvinir.com/ssl/1/access_log.log
LogFormat combined
<Directory "L:/wamp/www/">
SSLOptions +StdEnvVars
</Directory>
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
<VirtualHost *:443>
ServerName www.minirvinir.com
ServerAlias www.minirvinir.com
DocumentRoot L:/wamp/www/websocial
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "L:/wamp/bin/apache/Apache2.2.21/conf/15929333repl_1.crt"
SSLCertificateKeyFile "L:/wamp/bin/apache/Apache2.2.21/conf/www.djdanni.com.key"
SSLCACertificateFile "L:/wamp/bin/apache/Apache2.2.21/conf/Bundle.crt"
ErrorLog L:/wamp/Weblog/minirvinir.com/ssl/2/error_log.log
TransferLog L:/wamp/Weblog/minirvinir.com/ssl/2/access_log.log
LogFormat combined
<Directory "L:/wamp/www/websocial">
SSLOptions +StdEnvVars
</Directory>
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
<VirtualHost *:443>
ServerName www.kruttin.com
ServerAlias www.kruttin.com
DocumentRoot L:/wamp/www/voffapeysur.com
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "L:/wamp/bin/apache/Apache2.2.21/conf/15929333repl_1.crt"
SSLCertificateKeyFile "L:/wamp/bin/apache/Apache2.2.21/conf/www.djdanni.com.key"
SSLCACertificateFile "L:/wamp/bin/apache/Apache2.2.21/conf/Bundle.crt"
ErrorLog L:/wamp/Weblog/minirvinir.com/ssl/3/error_log.log
TransferLog L:/wamp/Weblog/minirvinir.com/ssl/3/access_log.log
LogFormat combined
<Directory "L:/wamp/www/voffapeysur.com">
SSLOptions +StdEnvVars
</Directory>
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
答案 0 :(得分:0)
我可以使用Chrome 40和IE11访问此网站。当您看到SSL连接错误时,您使用的浏览器是什么?
www.ssllabs.com/ssltest/analyze.html?d=minirvinir.com
www.ssllabs.com/ssltest/analyze.html?d=kruttin.com
表示大多数浏览器都有成功的握手,但您选择的密码套件可能会有所考虑。
来自https://cipherli.st/的这些设置似乎要好得多:
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCompression off