码迷,mamicode.com
首页 > Web开发 > 详细

.net core 3.0 3.1 在docker 下报SSL Handshake failed with OpenSSL error

时间:2020-01-07 00:40:52      阅读:104      评论:0      收藏:0      [点我收藏+]

标签:info   openssl   api   its   ons   which   htm   ice   ISE   

参考地址:https://github.com/dotnet/corefx/issues/40538

 

According to https://www.ssllabs.com/ssltest/analyze.html?d=api-fxpractice.oanda.com their key exchanges are preferring DHE-1024 over ECDHE. Using the guidance from NIST SP 800-57, a 1024-bit DHE key has 80 bits of security (or smaller).

Debian Buster has raised the OpenSSL TLS security level to 2 (https://www.debian.org/releases/stable/i386/release-notes/ch-information.en.html#openssl-defaults), which requires DHE at 2048-bit or higher (112 bits of security).

Theoretically, editing /etc/ssl/openssl.cnf and setting CipherString = DEFAULT:@SECLEVEL=1 will change the security level back to 1.

 

看起来貌似是debian的安全级别提高了,但是我的应用在.net core 2.2是没有报这个错误的。

解决方式是在dockerfile加上命令

RUN sed -i "s|DEFAULT@SECLEVEL=2|DEFAULT@SECLEVEL=1|g" /etc/ssl/openssl.cnf

.net core 3.0 3.1 在docker 下报SSL Handshake failed with OpenSSL error

标签:info   openssl   api   its   ons   which   htm   ice   ISE   

原文地址:https://www.cnblogs.com/jidanfan/p/12158972.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!