NGINX NGINX Trac 3rd Party Modules Security Advisories CHANGES OpenResty ngx_lua Tengine 在线学习资源 NGINX 开发从入门到精通 NGINX Modules ngx_echo
这是一个创建于 726 天前的主题,其中的信息可能已经有所发展或是发生改变。
修改 nginx ssl_protocols 配置只支持 TLSv1.2 ,但是检查出域名还是有 TLSv1.1 ,配置如下,该配置文件还有很多其它域名配置
listen 443 ssl;
server_name XXX;
allow all;
ssl_certificate /etc/nginx/cert/xxx.com.pem;
ssl_certificate_key /etc/nginx/cert/xxx.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!3DES;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
listen 443 ssl;
server_name XXX;
allow all;
ssl_certificate /etc/nginx/cert/xxx.com.pem;
ssl_certificate_key /etc/nginx/cert/xxx.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!3DES;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
 | 1 Girls 2023-10-20 11:21:57 +08:00 via iPhone 其它域名配置也要同步改 |
 | 2 ysc3839 2023-10-20 11:30:56 +08:00 via Android ssl 配置建议放在 http 块里面,server 块里只配置证书 |
 | 3 ondeay OP ssl_ciphers 密码套件去掉 ECDHE:ECDH:AES:HIGH 之后,TLSv1 TLSv1.1 就检测不到了 |
| 4 ysc3839 2023-10-20 16:12:36 +08:00 via Android |
Select Language