“Nginx SSL 配置”的版本间的差异
跳到导航
跳到搜索
FiveYellowMice(讨论 | 贡献) (添加对 ssl_dhparam 的解释) |
FiveYellowMice(讨论 | 贡献) 小 (Change 'first' to 'beforehead') |
||
| 第3行: | 第3行: | ||
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:RSA+AESGCM:RSA+AES:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!ADH:!AECDH; | ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:RSA+AESGCM:RSA+AES:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!ADH:!AECDH; | ||
ssl_prefer_server_ciphers on; | ssl_prefer_server_ciphers on; | ||
| − | ssl_dhparam /etc/nginx/ssl/dhparams.pem; # Run `openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048` | + | ssl_dhparam /etc/nginx/ssl/dhparams.pem; # Run `openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048` beforehead |
ssl_session_cache shared:SSL:10m; | ssl_session_cache shared:SSL:10m; | ||
2017年4月21日 (五) 13:51的版本
/etc/nginx/conf.d/ssl_security.conf
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:RSA+AESGCM:RSA+AES:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!ADH:!AECDH;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhparams.pem; # Run `openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048` beforehead
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
