cert/server.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers...DEFAULT; # This is default SSL_ciphers setting,if you get error,you can change it like me,set...DEFAULT #ssl_ciphers PROFILE=SYSTEM; ssl_prefer_server_ciphers on; # Load...(SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match) Solution 将nginx.config默认的ssl_ciphers...PROFILE=SYSTEM;设置为ssl_ciphers DEFAULT; 重启nginx即可
为了让Wireshark能截包,ssl_ciphers可以改成RSA。 ...ssl-cert-snakeoil.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; #ssl_ciphers...MD5; ssl_ciphers RSA; ssl_prefer_server_ciphers on; location / {
ssl_certificate_key example.com.ecdsa.key; 此时由于双证书,浏览器无法区分不同的加密算法使用的配套加密协议该使用哪个证书; 因此重点在于算法的区分,不同的算法对应不同是证书,配置ssl_ciphers...ssl_ciphers 'EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH...MD5'; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256...DSS'; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384
1_你的域名_bundle.crt; ssl_certificate_key /etc/nginx/2_你的域名.key; ssl_session_timeout 5m; } 配置 ssl_ciphers...server { ssl_protocols TLSv1.1 TLSv1.2; #按照这个协议配置 #ssl_ciphers HIGH:!...MD5; #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!...DHE;#按照这个套件配置 ssl_ciphers ' ECDHE-ECDSA-AES256-GCM-SHA384: ECDHE-RSA-AES256-GCM-SHA384:
ssl_session_timeout 5m; # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置 # ssl_ciphers...DHE;#按照这个套件配置 ssl_ciphers HIGH:!aNULL:!
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; #ssl_ciphers...MD5; ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13
ssl_certificate_key ff11sf.com.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers...zanglikun.com.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers...newsglobal.cn.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers...zlk1999.xyz.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers...cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers
/etc/nginx/cert/psvmc.pem; ssl_certificate_key /etc/nginx/cert/psvmc.key; ssl_session_timeout 5m; ssl_ciphers...psvmc.pem; ssl_certificate_key /etc/nginx/cert/psvmc.key; ssl_session_timeout 5m; ssl_ciphers...psvmc.pem; ssl_certificate_key /etc/nginx/cert/psvmc.key; ssl_session_timeout 5m; ssl_ciphers
$ssl_ciphers 返回客户端 (1.11.7) 支持的加密算法列表。已知密码按名称列出,未知密码以十六进制显示。只有在使用 OpenSSL 1.0.2 或更高版本时才完全支持该变量。...log_format ssl 'ssl_alpn_protocol=$ssl_alpn_protocol ssl_cipher=$ssl_cipher ssl_ciphers=$ssl_ciphers'...ssl_alpn_protocol=- ssl_cipher=ECDHE-RSA-AES128-GCM-SHA256 ssl_ciphers=TLS_AES_128_GCM_SHA256:TLS_AES...ssl_ciphers 指定可用的加密算法,这个配置和上面的 ssl_cipher 以及 ssl_ciphers 也有关系。主要就是在建立 TLS 连接时,具体要使用的加密算法范围。...甚至在今天的学习之前,我也并不清楚 ssl_ciphers、ssl_session_cache 到底是干嘛用的。
ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers...ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers...ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers
cert/*****.top.pem; ssl_certificate_key cert/*****.top.key; ssl_session_timeout 5m; ssl_ciphers...cert/*****.top.pem; ssl_certificate_key cert/*****.top.key; ssl_session_timeout 5m; ssl_ciphers
ssl_certificate_key /etc/nginx/go.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1.2; # ssl_ciphers...EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH...ssl_certificate_key /etc/nginx/go.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1.2; # ssl_ciphers...EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH
ssl_certificate_key /etc/ssl证书; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers...include cert_certbot.conf; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers
cert/YOURCERT.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; #ssl_ciphers...MD5; #下面这句话可以防止某些浏览器出现 ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY 错误 ssl_ciphers EECDH+AES128
www.example.com.crt; ssl_certificate_key www.example.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers...ssl_certificate_key www.example.com.cert; 在这个例子里面,文件的访问权限应该被限制.尽管证书和私钥在一个文件里面,只有证书会被发送给客户端. ssl_protocols 和ssl_ciphers...指令可以被用来限制连接,只包含高版本的TLS和SSL/TLS的密码 从nginx 1.0.5版本开始,nginx默认使用ssl_protocols SSLv3 TLSv1和ssl_ciphers HIGH
index.htm; ssl_certificate cert/xxx.crt; ssl_certificate_key cert/xxx.key; ssl_session_timeout 5m; ssl_ciphers...index.htm; ssl_certificate cert/xxx.crt; ssl_certificate_key cert/xxx.key; ssl_session_timeout 5m; ssl_ciphers
ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!...自行设置证书 ssl_certificate_key /etc/nginx/sslkey/2_jumpserver.org.key; # 自行设置证书 ssl_session_timeout 5m; ssl_ciphers
ddnsip.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers...ddnsip.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers...ddnsip.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers
https/***.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers...https/***.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers...ssl_certificate_key /usr/local/https/www.localhost.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #只允许TLS协议 ssl_ciphers
/etc/nginx/ssl/web1.moeelf.com/web1.moeelf.com.key; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers.../etc/nginx/ssl/web2.moeelf.com/web2.moeelf.com.key; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers
领取专属 10元无门槛券
手把手带您无忧上云