ssl_protocol配置的示例:
协议配置:
Syntax: ssl_protocols [SSLv2] [SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2] [TLSv1.3];
Default:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Context: http, server
加密套件配置:
Syntax: ssl_ciphers ciphers;
Default:
ssl_ciphers HIGH:!aNULL:!MD5;
Context: http, server
Nginx的虚拟主机配置,在server块内,ssl_protocols属于全局配置,而ssl_ciphers却针对特定的虚拟主机起作用,配置如下:
server {
server_name www.a.com;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256;
ssl_protocols TLSv1.2;
# 其他配置略
}
server {
server_name www.b.com;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# 其他配置略
}
0 赞
0 踩