华为SNS交换机（OEM博科FC交换机）Fabric OS: v 8版本后通过https方式浏览器访问交换机Webtools显示没有匹配的加密算法套件的解决办法

1、通过火狐浏览器访问时提示：连接 10.77.77.77 时发生错误。 无法安全地与对等端通信：没有双方共用的加密算法。 错误代码: SSL_ERROR_NO_CYPHER_OVERLAP

2、处理过程

通过命令seccryptocfg --show查看交换机的TLS加密算法套件：

--------------------------------------------------------------------------------------------------------

SNS2624_D12:admin> seccryptocfg --show
SSH Crypto:
SSH Cipher : aes128-ctr,aes192-ctr,aes256-ctr
SSH Kex : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSH MAC : hmac-sha1,hmac-sha2-256,hmac-sha2-512
TLS Ciphers:
HTTPS : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM:!SSLv3
RADIUS : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
LDAP : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
SYSLOG : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
TLS Protocol:
HTTPS : Any
RADIUS : Any
LDAP : Any
SYSLOG : Any
X509v3:
Validation : Basic
SNS2624_D12:admin>

--------------------------------------------------------------------------------------------------------

可见是配置了过强的加密算法套件。

2、登陆交换机改成general的加密算法再试就好了（博科出厂的时候8.1.0b版本默认设置为了strong的算法模板）：
seccryptocfg --apply default_generic

--------------------------------------------------------------------------------------------------------

SNS2624_D12:admin> seccryptocfg --apply default_generic
Validating....
Applying...

Template configurations applied successfully
SNS2624_D12:admin>

--------------------------------------------------------------------------------------------------------

3、再次查看：

--------------------------------------------------------------------------------------------------------

SNS2624_D12:admin> seccryptocfg --show
SSH Crypto:
SSH Cipher : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH Kex : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSH MAC : hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512
TLS Ciphers:
HTTPS : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
RADIUS : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
LDAP : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
SYSLOG : !ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
TLS Protocol:
HTTPS : Any
RADIUS : Any
LDAP : Any
SYSLOG : Any
X509v3:
Validation : Basic
SNS2624_D12:admin>

--------------------------------------------------------------------------------------------------------

SNS2624_D12:admin> seccryptocfg --lstemplates

List of templates:
default_generic                           ##general的加密算法成为第一行，说明已经改好了
default_fips
default_cc
default_strong

--------------------------------------------------------------------------------------------------------

4、再次尝试：

已经可以正常访问，就可以通过java工具管理了