- 1Promise面试题汇总
- 2【模块化与包管理】:解锁【Python】编程的高效之道
- 3保姆级手把手图文并茂教你配置MAC系统Flutter环境_mac配置flutter环境变量
- 402-用户画像-技术架构+业务划分
- 5Navicat数据库软件免费了!推出Navicat Premium Lite
- 6Flink 之时间语义与Wartermark_flink1.15设置时间语义
- 7java文件上传判重姿势浅谈_com.twmacinta.util.md5
- 8大模型+小模型协同处理跨文档理解任务,成本更低,性能更高_大小模型协同
- 9FreeCAD傻瓜式教程之入门初级使用方法-移动图形、坐标系、视角切换、工作台介绍、Blender导航模式、约束,导出dxf格式
- 10vue3 嵌入unity 3D模型入门教程_unity3d vue
nginx 之 TLS1.3配置_nginx tls1.3
赞
踩
配置TLS1.3
环境:
nginx 1.20
openssl 1.1.1l
如果查看openssl支持的ciphers
使用命令openssl ciphers
如何查看openssl支持的所有TLS/SSL版本:
penssl s_client -help 2>&1 | awk '/-(ssl|tls)[0-9]/{print $1}'
配置tls1.3
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; #增加 TLSv1.3
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
配置ssl_ciphers默认值:
Version 1.0.5 and later: the default SSL ciphers are “HIGH:!aNULL:!MD5”.
Version 0.7.65, 0.8.20 and later: the default SSL ciphers are “HIGH:!ADH:!MD5”.
Version 0.8.19: the default SSL ciphers are “ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM”.
Version 0.7.64, 0.8.18 and earlier: the default SSL ciphers are
“ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP”
