“Nginx SSL 配置”的版本间的差异
跳到导航
跳到搜索
FiveYellowMice(讨论 | 贡献) |
FiveYellowMice(讨论 | 贡献) |
||
| 第1行: | 第1行: | ||
<code>/etc/nginx/conf.d/ssl_security.conf</code><syntaxhighlight lang="nginx"> | <code>/etc/nginx/conf.d/ssl_security.conf</code><syntaxhighlight lang="nginx"> | ||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ||
| + | ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:RSA+AESGCM:RSA+AES:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!ADH:!AECDH; | ||
ssl_prefer_server_ciphers on; | ssl_prefer_server_ciphers on; | ||
| − | + | ssl_dhparam /etc/nginx/ssl/dhparams.pem; | |
ssl_session_cache shared:SSL:10m; | ssl_session_cache shared:SSL:10m; | ||
2016年6月7日 (二) 09:52的版本
/etc/nginx/conf.d/ssl_security.conf
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:RSA+AESGCM:RSA+AES:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!ADH:!AECDH;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
