香港VPS的ssl_protocol如何配置

已关闭留言

香港VPS的ssl_protocol配置的示例:

协议配置:

Syntax: ssl_protocols [SSLv2] [SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2] [TLSv1.3];

Default:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Context: http, server

加密套件配置:

Syntax: ssl_ciphers ciphers;

Default:

ssl_ciphers HIGH:!aNULL:!MD5;

Context: http, server

Nginx的虚拟主机配置,在server块内,ssl_protocols属于全局配置,而ssl_ciphers却针对特定的虚拟主机起作用,配置如下:

server {

server_name www.a.com;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256;

ssl_protocols TLSv1.2;

# 其他配置略

}

server {

server_name www.b.com;

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

# 其他配置略

}