如何将 SSLv3 更改为 TLS?

如何将 SSLv3 更改为 TLS?

在我这里Rails application,当用户支付产品费用时出现错误。

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)

由于payment gateway does not support SSLv3比较多,所以需要设置TLS

protocol in the OpenSSL::SSL::SSLContext.
ssl_version = :TLSv1

但我尝试了很多次,却不知道如何set it ssl_version.

更新

现在,我在 apache 服务器中找到了路径

Edited: /etc/apache2/mods-enabled/ssl.conf

>  SSLProtocol all
Change to 
>  SSLProtocol  TLSv1 TLSv1.1 TLSv1.2

重新启动 apache 服务器后。

但仍然出现同样的错误...这里的任何人都可以帮忙......

SSLSCAN 结果:

Supported Server Cipher(s):
    Failed    SSLv3  256 bits  ECDHE-RSA-AES256-GCM-SHA384
Failed    SSLv3  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384
Failed    SSLv3  256 bits  ECDHE-RSA-AES256-SHA384
Failed    SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA384
Rejected  SSLv3  256 bits  ECDHE-RSA-AES256-SHA
Rejected  SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA
Failed    SSLv3  256 bits  SRP-DSS-AES-256-CBC-SHA
Failed    SSLv3  256 bits  SRP-RSA-AES-256-CBC-SHA
Failed    SSLv3  256 bits  SRP-AES-256-CBC-SHA
Failed    SSLv3  256 bits  DHE-DSS-AES256-GCM-SHA384
Failed    SSLv3  256 bits  DHE-RSA-AES256-GCM-SHA384
Failed    SSLv3  256 bits  DHE-RSA-AES256-SHA256
Failed    SSLv3  256 bits  DHE-DSS-AES256-SHA256
Rejected  SSLv3  256 bits  DHE-RSA-AES256-SHA
Rejected  SSLv3  256 bits  DHE-DSS-AES256-SHA
Rejected  SSLv3  256 bits  DHE-RSA-CAMELLIA256-SHA
Rejected  SSLv3  256 bits  DHE-DSS-CAMELLIA256-SHA
Rejected  SSLv3  256 bits  AECDH-AES256-SHA
Failed    SSLv3  256 bits  ADH-AES256-GCM-SHA384
Failed    SSLv3  256 bits  ADH-AES256-SHA256
Rejected  SSLv3  256 bits  ADH-AES256-SHA
Rejected  SSLv3  256 bits  ADH-CAMELLIA256-SHA
Failed    SSLv3  256 bits  ECDH-RSA-AES256-GCM-SHA384
Failed    SSLv3  256 bits  ECDH-ECDSA-AES256-GCM-SHA384
Failed    SSLv3  256 bits  ECDH-RSA-AES256-SHA384
Failed    SSLv3  256 bits  ECDH-ECDSA-AES256-SHA384
Rejected  SSLv3  256 bits  ECDH-RSA-AES256-SHA
Rejected  SSLv3  256 bits  ECDH-ECDSA-AES256-SHA
Failed    SSLv3  256 bits  AES256-GCM-SHA384
Failed    SSLv3  256 bits  AES256-SHA256
Rejected  SSLv3  256 bits  AES256-SHA
Rejected  SSLv3  256 bits  CAMELLIA256-SHA
Failed    SSLv3  256 bits  PSK-AES256-CBC-SHA
Rejected  SSLv3  168 bits  ECDHE-RSA-DES-CBC3-SHA
Rejected  SSLv3  168 bits  ECDHE-ECDSA-DES-CBC3-SHA
Failed    SSLv3  168 bits  SRP-DSS-3DES-EDE-CBC-SHA
Failed    SSLv3  168 bits  SRP-RSA-3DES-EDE-CBC-SHA
Failed    SSLv3  168 bits  SRP-3DES-EDE-CBC-SHA
Rejected  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
Rejected  SSLv3  168 bits  EDH-DSS-DES-CBC3-SHA
Rejected  SSLv3  168 bits  AECDH-DES-CBC3-SHA
Rejected  SSLv3  168 bits  ADH-DES-CBC3-SHA
Rejected  SSLv3  168 bits  ECDH-RSA-DES-CBC3-SHA
Rejected  SSLv3  168 bits  ECDH-ECDSA-DES-CBC3-SHA
Rejected  SSLv3  168 bits  DES-CBC3-SHA
Failed    SSLv3  168 bits  PSK-3DES-EDE-CBC-SHA
Failed    SSLv3  128 bits  ECDHE-RSA-AES128-GCM-SHA256
Failed    SSLv3  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256
Failed    SSLv3  128 bits  ECDHE-RSA-AES128-SHA256
Failed    SSLv3  128 bits  ECDHE-ECDSA-AES128-SHA256
Rejected  SSLv3  128 bits  ECDHE-RSA-AES128-SHA
Rejected  SSLv3  128 bits  ECDHE-ECDSA-AES128-SHA
Failed    SSLv3  128 bits  SRP-DSS-AES-128-CBC-SHA
Failed    SSLv3  128 bits  SRP-RSA-AES-128-CBC-SHA
Failed    SSLv3  128 bits  SRP-AES-128-CBC-SHA
Failed    SSLv3  128 bits  DHE-DSS-AES128-GCM-SHA256
Failed    SSLv3  128 bits  DHE-RSA-AES128-GCM-SHA256
Failed    SSLv3  128 bits  DHE-RSA-AES128-SHA256
Failed    SSLv3  128 bits  DHE-DSS-AES128-SHA256
Rejected  SSLv3  128 bits  DHE-RSA-AES128-SHA
Rejected  SSLv3  128 bits  DHE-DSS-AES128-SHA
Rejected  SSLv3  128 bits  DHE-RSA-SEED-SHA
Rejected  SSLv3  128 bits  DHE-DSS-SEED-SHA
Rejected  SSLv3  128 bits  DHE-RSA-CAMELLIA128-SHA
Rejected  SSLv3  128 bits  DHE-DSS-CAMELLIA128-SHA
Rejected  SSLv3  128 bits  AECDH-AES128-SHA
Failed    SSLv3  128 bits  ADH-AES128-GCM-SHA256
Failed    SSLv3  128 bits  ADH-AES128-SHA256
Rejected  SSLv3  128 bits  ADH-AES128-SHA
Rejected  SSLv3  128 bits  ADH-SEED-SHA
Rejected  SSLv3  128 bits  ADH-CAMELLIA128-SHA
Failed    SSLv3  128 bits  ECDH-RSA-AES128-GCM-SHA256
Failed    SSLv3  128 bits  ECDH-ECDSA-AES128-GCM-SHA256
Failed    SSLv3  128 bits  ECDH-RSA-AES128-SHA256
Failed    SSLv3  128 bits  ECDH-ECDSA-AES128-SHA256
Rejected  SSLv3  128 bits  ECDH-RSA-AES128-SHA
Rejected  SSLv3  128 bits  ECDH-ECDSA-AES128-SHA
Failed    SSLv3  128 bits  AES128-GCM-SHA256
Failed    SSLv3  128 bits  AES128-SHA256
Rejected  SSLv3  128 bits  AES128-SHA
Rejected  SSLv3  128 bits  SEED-SHA
Rejected  SSLv3  128 bits  CAMELLIA128-SHA
Failed    SSLv3  128 bits  PSK-AES128-CBC-SHA
Rejected  SSLv3  128 bits  ECDHE-RSA-RC4-SHA
Rejected  SSLv3  128 bits  ECDHE-ECDSA-RC4-SHA
Rejected  SSLv3  128 bits  AECDH-RC4-SHA
Rejected  SSLv3  128 bits  ADH-RC4-MD5
Rejected  SSLv3  128 bits  ECDH-RSA-RC4-SHA
Rejected  SSLv3  128 bits  ECDH-ECDSA-RC4-SHA
Rejected  SSLv3  128 bits  RC4-SHA
Rejected  SSLv3  128 bits  RC4-MD5
Failed    SSLv3  128 bits  PSK-RC4-SHA
Rejected  SSLv3  56 bits   EDH-RSA-DES-CBC-SHA
Rejected  SSLv3  56 bits   EDH-DSS-DES-CBC-SHA
Rejected  SSLv3  56 bits   ADH-DES-CBC-SHA
Rejected  SSLv3  56 bits   DES-CBC-SHA
Rejected  SSLv3  40 bits   EXP-EDH-RSA-DES-CBC-SHA
Rejected  SSLv3  40 bits   EXP-EDH-DSS-DES-CBC-SHA
Rejected  SSLv3  40 bits   EXP-ADH-DES-CBC-SHA
Rejected  SSLv3  40 bits   EXP-DES-CBC-SHA
Rejected  SSLv3  40 bits   EXP-RC2-CBC-MD5
Rejected  SSLv3  40 bits   EXP-ADH-RC4-MD5
Rejected  SSLv3  40 bits   EXP-RC4-MD5
Rejected  SSLv3  0 bits    ECDHE-RSA-NULL-SHA
Rejected  SSLv3  0 bits    ECDHE-ECDSA-NULL-SHA
Rejected  SSLv3  0 bits    AECDH-NULL-SHA
Rejected  SSLv3  0 bits    ECDH-RSA-NULL-SHA
Rejected  SSLv3  0 bits    ECDH-ECDSA-NULL-SHA
Failed    SSLv3  0 bits    NULL-SHA256
Rejected  SSLv3  0 bits    NULL-SHA
Rejected  SSLv3  0 bits    NULL-MD5
Failed    TLSv1  256 bits  ECDHE-RSA-AES256-GCM-SHA384
Failed    TLSv1  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384
Failed    TLSv1  256 bits  ECDHE-RSA-AES256-SHA384
Failed    TLSv1  256 bits  ECDHE-ECDSA-AES256-SHA384
Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
Rejected  TLSv1  256 bits  ECDHE-ECDSA-AES256-SHA
Failed    TLSv1  256 bits  SRP-DSS-AES-256-CBC-SHA
Failed    TLSv1  256 bits  SRP-RSA-AES-256-CBC-SHA
Failed    TLSv1  256 bits  SRP-AES-256-CBC-SHA
Failed    TLSv1  256 bits  DHE-DSS-AES256-GCM-SHA384
Failed    TLSv1  256 bits  DHE-RSA-AES256-GCM-SHA384
Failed    TLSv1  256 bits  DHE-RSA-AES256-SHA256
Failed    TLSv1  256 bits  DHE-DSS-AES256-SHA256
Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
Rejected  TLSv1  256 bits  DHE-DSS-AES256-SHA
Accepted  TLSv1  256 bits  DHE-RSA-CAMELLIA256-SHA
Rejected  TLSv1  256 bits  DHE-DSS-CAMELLIA256-SHA
Rejected  TLSv1  256 bits  AECDH-AES256-SHA
Failed    TLSv1  256 bits  ADH-AES256-GCM-SHA384
Failed    TLSv1  256 bits  ADH-AES256-SHA256
Rejected  TLSv1  256 bits  ADH-AES256-SHA
Rejected  TLSv1  256 bits  ADH-CAMELLIA256-SHA
Failed    TLSv1  256 bits  ECDH-RSA-AES256-GCM-SHA384
Failed    TLSv1  256 bits  ECDH-ECDSA-AES256-GCM-SHA384
Failed    TLSv1  256 bits  ECDH-RSA-AES256-SHA384
Failed    TLSv1  256 bits  ECDH-ECDSA-AES256-SHA384
Rejected  TLSv1  256 bits  ECDH-RSA-AES256-SHA
Rejected  TLSv1  256 bits  ECDH-ECDSA-AES256-SHA
Failed    TLSv1  256 bits  AES256-GCM-SHA384
Failed    TLSv1  256 bits  AES256-SHA256
Accepted  TLSv1  256 bits  AES256-SHA
Accepted  TLSv1  256 bits  CAMELLIA256-SHA
Failed    TLSv1  256 bits  PSK-AES256-CBC-SHA
Accepted  TLSv1  168 bits  ECDHE-RSA-DES-CBC3-SHA
Rejected  TLSv1  168 bits  ECDHE-ECDSA-DES-CBC3-SHA
Failed    TLSv1  168 bits  SRP-DSS-3DES-EDE-CBC-SHA
Failed    TLSv1  168 bits  SRP-RSA-3DES-EDE-CBC-SHA
Failed    TLSv1  168 bits  SRP-3DES-EDE-CBC-SHA
Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
Rejected  TLSv1  168 bits  EDH-DSS-DES-CBC3-SHA
Rejected  TLSv1  168 bits  AECDH-DES-CBC3-SHA
Rejected  TLSv1  168 bits  ADH-DES-CBC3-SHA
Rejected  TLSv1  168 bits  ECDH-RSA-DES-CBC3-SHA
Rejected  TLSv1  168 bits  ECDH-ECDSA-DES-CBC3-SHA
Accepted  TLSv1  168 bits  DES-CBC3-SHA
Failed    TLSv1  168 bits  PSK-3DES-EDE-CBC-SHA
Failed    TLSv1  128 bits  ECDHE-RSA-AES128-GCM-SHA256
Failed    TLSv1  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256
Failed    TLSv1  128 bits  ECDHE-RSA-AES128-SHA256
Failed    TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA256
Accepted  TLSv1  128 bits  ECDHE-RSA-AES128-SHA
Rejected  TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA
Failed    TLSv1  128 bits  SRP-DSS-AES-128-CBC-SHA
Failed    TLSv1  128 bits  SRP-RSA-AES-128-CBC-SHA
Failed    TLSv1  128 bits  SRP-AES-128-CBC-SHA
Failed    TLSv1  128 bits  DHE-DSS-AES128-GCM-SHA256
Failed    TLSv1  128 bits  DHE-RSA-AES128-GCM-SHA256
Failed    TLSv1  128 bits  DHE-RSA-AES128-SHA256
Failed    TLSv1  128 bits  DHE-DSS-AES128-SHA256
Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
Rejected  TLSv1  128 bits  DHE-DSS-AES128-SHA
Rejected  TLSv1  128 bits  DHE-RSA-SEED-SHA
Rejected  TLSv1  128 bits  DHE-DSS-SEED-SHA
Accepted  TLSv1  128 bits  DHE-RSA-CAMELLIA128-SHA
Rejected  TLSv1  128 bits  DHE-DSS-CAMELLIA128-SHA
Rejected  TLSv1  128 bits  AECDH-AES128-SHA
Failed    TLSv1  128 bits  ADH-AES128-GCM-SHA256
Failed    TLSv1  128 bits  ADH-AES128-SHA256
Rejected  TLSv1  128 bits  ADH-AES128-SHA
Rejected  TLSv1  128 bits  ADH-SEED-SHA
Rejected  TLSv1  128 bits  ADH-CAMELLIA128-SHA
Failed    TLSv1  128 bits  ECDH-RSA-AES128-GCM-SHA256
Failed    TLSv1  128 bits  ECDH-ECDSA-AES128-GCM-SHA256
Failed    TLSv1  128 bits  ECDH-RSA-AES128-SHA256
Failed    TLSv1  128 bits  ECDH-ECDSA-AES128-SHA256
Rejected  TLSv1  128 bits  ECDH-RSA-AES128-SHA
Rejected  TLSv1  128 bits  ECDH-ECDSA-AES128-SHA
Failed    TLSv1  128 bits  AES128-GCM-SHA256
Failed    TLSv1  128 bits  AES128-SHA256
Accepted  TLSv1  128 bits  AES128-SHA
Rejected  TLSv1  128 bits  SEED-SHA
Accepted  TLSv1  128 bits  CAMELLIA128-SHA
Failed    TLSv1  128 bits  PSK-AES128-CBC-SHA
Rejected  TLSv1  128 bits  ECDHE-RSA-RC4-SHA
Rejected  TLSv1  128 bits  ECDHE-ECDSA-RC4-SHA
Rejected  TLSv1  128 bits  AECDH-RC4-SHA
Rejected  TLSv1  128 bits  ADH-RC4-MD5
Rejected  TLSv1  128 bits  ECDH-RSA-RC4-SHA
Rejected  TLSv1  128 bits  ECDH-ECDSA-RC4-SHA
Rejected  TLSv1  128 bits  RC4-SHA
Rejected  TLSv1  128 bits  RC4-MD5
Failed    TLSv1  128 bits  PSK-RC4-SHA
Rejected  TLSv1  56 bits   EDH-RSA-DES-CBC-SHA
Rejected  TLSv1  56 bits   EDH-DSS-DES-CBC-SHA
Rejected  TLSv1  56 bits   ADH-DES-CBC-SHA
Rejected  TLSv1  56 bits   DES-CBC-SHA
Rejected  TLSv1  40 bits   EXP-EDH-RSA-DES-CBC-SHA
Rejected  TLSv1  40 bits   EXP-EDH-DSS-DES-CBC-SHA
Rejected  TLSv1  40 bits   EXP-ADH-DES-CBC-SHA
Rejected  TLSv1  40 bits   EXP-DES-CBC-SHA
Rejected  TLSv1  40 bits   EXP-RC2-CBC-MD5
Rejected  TLSv1  40 bits   EXP-ADH-RC4-MD5
Rejected  TLSv1  40 bits   EXP-RC4-MD5
Rejected  TLSv1  0 bits    ECDHE-RSA-NULL-SHA
Rejected  TLSv1  0 bits    ECDHE-ECDSA-NULL-SHA
Rejected  TLSv1  0 bits    AECDH-NULL-SHA
Rejected  TLSv1  0 bits    ECDH-RSA-NULL-SHA
Rejected  TLSv1  0 bits    ECDH-ECDSA-NULL-SHA
Failed    TLSv1  0 bits    NULL-SHA256
Rejected  TLSv1  0 bits    NULL-SHA
Rejected  TLSv1  0 bits    NULL-MD5

谢谢

答案1

是的,我自己找到了解决方案。

我解决了所有协议错误,但仍然由于 activemerchant gem 版本太旧而显示错误。

因此,在 Sagepay 网关发生变化后,它不再位于 gem 中,所以一旦我更新了 activemerchant 的 gem,就会自动获取 SagePay Gateway 的更新,从而解决了我的错误。

谢谢

相关内容