Chrome中的net :: ERR_INSECURE_RESPONSE [英] net::ERR_INSECURE_RESPONSE in Chrome
问题描述
从我的API中获取一些数据时,我在Chrome控制台中收到错误net :: ERR_INSECURE_RESPONSE
这个错误通常是由于未签名的证书造成的;然而,这不是一个问题,因为我有一个有效的签名证书。
错误不会经常发生,如果我重新启动Chrome浏览器,它就会消失。它也不会在任何其他浏览器中出现(在Safari,Mozilla,Opera上测试过)
任何想法为什么会发生这种情况?这只是一个浏览器错误?
当您从Chrome 55更新到Chrome 56(56.0.2924.87)
这是安全执法的增加。
重启浏览器并不会消失,这不是一个错误。
$ b
Mountain View表示希望你永远不会遇到
的消息,因为证书颁发机构需要停止发布SHA- 1
证书。以防万一,谷歌计划继续发布
警告,直到Chrome于2017年1月
1st完全停止支持SHA-1。那一天,一个网站仍然使用函数
将触发致命的网络错误。
(来源:
< a href =https://i.stack.imgur.com/noLjZ.png =noreferrer>
< img src =https://i.stack.imgur.com/FHHJN.pngalt =详情>
通知:
SHA-1现在日益变得越来越脆弱和不安全,因为我们倾向于信任带有
的网站。 在他们的网址。其他浏览器如Mozilla Firefox和
Microsoft Edge也计划停止支持它,努力鼓励网站所有者尽快切换到更安全的SHA-2证书
。
如果您迫切需要解决这个问题(您需要首先关闭所有运行的Chrome实例 - 否则它将不起作用):
chrome --args --ignore-certificate-errors
请注意:请勿使用这些命令行设置进行网上银行或gmail服务在您的Chrome实例中。
I am getting an error net::ERR_INSECURE_RESPONSE in the Chrome console when fetching some data from my API
This error usually occurs as a result of an unsigned certificate; however, it is not an issue with this because I have a valid and signed certificate.
The error doesn't happen often at all and it goes away if I restart my Chrome browser. It also doesn't occur in any other browser at all (tested on Safari, Mozilla, Opera)
Any idea why this is happening? Is this just a browser bug?
解决方案This happens when you update from Chrome 55 to Chrome 56 (56.0.2924.87).
This is an increase in security enforcement.
It doesn't go away by restarting the browser, and it's not a bug.Mountain View says it's hoping you don't ever encounter the message, because Certificate Authorities are required to stop issuing SHA-1 certificates in 2016. Just in case, Google plans to continue issuing warnings until Chrome completely stops supporting SHA-1 on January 1st, 2017. When that day comes, a website that still uses the function will trigger a fatal network error. (Source: Engadget.com)
If this happens, the most-likely cause is that your (or the website's) SSL-certificate uses SHA1.
SHA1 is broken, and SSL certificates using SHA1 are not secure anymore (it's now been a long time that Chrome showed this to you - now it blocksNET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM).Another likely cause is that your SSL-certificate expired
Also, you should disable backwards-compatiblity with SSL2 & SSL3 (Poodle Attack).
You should only be using TLS (SSL 3.1+).To test your domain's SSL-certificate, you can use SSL labs SSL test.
To find out what exactly the issue is: Open the chrome developer console (CTRL + SHIFT + J OR F12) And change to the security tab
For more information:
https://support.google.com/chrome/answer/95617?visit_id=1-636221396724527190-3454695657&p=ui_security_indicator&rd=1FYI:
SHA-1 has been growing weaker and more insecure everyday for a decade now, which is dangerous considering we tend to trust websites with "https://" in their URLs. Other browsers like Mozilla Firefox and Microsoft Edge also plan to stop supporting it in an effort to encourage website owners to switch to more secure SHA-2 certificates as soon as possible.
If you urgently need to get around it (you need to close all running instances of Chrome first - otherwise it won't work):
chrome --args --ignore-certificate-errorsPlease note: don't go online-banking or gmail'ing with those command-line settings active in your Chrome instance.
这篇关于Chrome中的net :: ERR_INSECURE_RESPONSE的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
![< img src =https://i.stack.imgur.com/FHHJN.pngalt =详情>](\"https://i.stack.imgur.com/FHHJN.png\"){kind=link}