Why can't Windows XP handle newer SSL certificate versions?


Problem description

As I understand, as Windows XP support was officially dropped, the newest versions of SSL certificates used in certain websites cannot be accessed by Chrome and IE on WinXP due to incompatibility. However, Firefox apparently still does support Windows XP and can access those websites freely.

I don't quite understand how the SSL certificates compatibility works, how is it possible that on Chrome and IE it requires you to switch to a new OS altogether but that's not needed when just using a different browser? Why can't a simple community developer just create a "patch" for Chrome and IE if Firefox can support them? What's the connection between the browser and the OS? Where do I draw the line?

Solution

OK, so looking at the example of mpql.net, we start with the SSL Labs analysis.

The problem appears to be that the server only supports elliptic curve cryptography (the various TLS_ECDHE_xxx suites) and, according to the MSDN articles Secure Sockets Layer Protocol and TLS Cipher Suites, Windows XP doesn't include any of the elliptic curve protocols. This is not related to the certificates per se, but to the way the web server is configured.

Firefox still works because it uses its own cryptographic library rather than using the SSL support built into Windows. Of course, if you were using a version of Firefox as old as Windows XP is, it probably wouldn't work either. :-)
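The cipher suite mismatch described in the answer, modelled as an added example that is not part of the original answer: a server that accepts only ECDHE suites parses each client's offered list and either selects a suite or returns a `handshake_failure` alert. The two ClientHello bodies and the server preference list are constructed for illustration (not captured traffic or mpql.net's real configuration); the code points are the IANA registry values.

```python
import struct

# IANA TLS cipher suite code points (registry values).
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
HANDSHAKE_FAILURE = 40  # TLS alert description code

def build_client_hello(version, suites):
    """Constructed ClientHello body: version, zero random, empty session id,
    cipher_suites vector, null compression, no extensions."""
    vec = b"".join(struct.pack("!H", s) for s in suites)
    return (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(vec)) + vec + b"\x01\x00")

def offered_suites(hello):
    """Parse the cipher_suites vector out of a ClientHello body."""
    pos = 2 + 32                          # skip client_version and random
    pos += 1 + hello[pos]                 # skip session_id (1-byte length prefix)
    (vec_len,) = struct.unpack_from("!H", hello, pos)
    pos += 2
    if vec_len % 2 or pos + vec_len > len(hello):
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack_from("!H", hello, pos + i)[0]
            for i in range(0, vec_len, 2)]

def negotiate(hello, server_prefs):
    """Server-preference selection: ("suite", name) or ("alert", code)."""
    offered = set(offered_suites(hello))
    for suite in server_prefs:
        if suite in offered:
            return ("suite", SUITES.get(suite, hex(suite)))
    return ("alert", HANDSHAKE_FAILURE)   # no suite in common

# Constructed inputs (assumptions for illustration):
ECDHE_ONLY_SERVER = [0xC02F, 0xC014, 0xC013]
XP_SCHANNEL = build_client_hello(0x0301, [0x0004, 0x0005, 0x000A, 0x0013])  # no ECC suites
OWN_LIBRARY = build_client_hello(0x0303, [0xC02F, 0xC013, 0x000A])          # browser with its own TLS stack

if __name__ == "__main__":
    for name, hello in (("OS-provided TLS on XP", XP_SCHANNEL),
                        ("browser-bundled TLS library", OWN_LIBRARY)):
        print(name, "->", negotiate(hello, ECDHE_ONLY_SERVER))
```

The certificate never enters the decision: adding one non-ECC suite such as `0x000A` to the server's list lets the first client connect with the same certificate.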
