WDlinux Official Forum's Archiver

lele8060 posted on 2017-12-1 21:12

After enabling HTTPS, only TLS 1.2 is supported; 1.1 and 1.0 are not

[code]SSLEngine on
SSLCertificateFile conf/cert/xxx.com.crt
SSLCertificateKeyFile conf/cert/xxx.com.key
SSLCertificateChainFile conf/cert/xxx.com_root_bundle.crt
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
DocumentRoot /www/web/xxx/public_html[/code]



Test results from ssllabs.com
[table=98%,rgb(253, 253, 253)]
[tr][td=2,1]Protocols[/td][/tr]
[tr][td]TLS 1.3[/td][td]No[/td][/tr]
[tr][td][color=green]TLS 1.2[/color][/td][td][color=green]Yes[/color][/td][/tr]
[tr][td]TLS 1.1[/td][td]No[/td][/tr]
[tr][td]TLS 1.0[/td][td]No[/td][/tr]
[tr][td]SSL 3[/td][td]No[/td][/tr]
[tr][td]SSL 2[/td][td]No[/td][/tr]
[/table]

lele8060 posted on 2018-5-11 16:17

Finally solved it

https://serverfault.com/questions/513961/how-to-disable-tls-1-1-1-2-in-apache

First of all, you must identify what is the default vhost for port 443 in your server (the first SSL vhost loaded by Apache) and edit its configuration file. Most users have an ssl.conf file in their servers, with a vhost for port 443 configured there. As the name of this file begins with "s", it will load before the vhosts configured in vhosts.conf (which begins with "v"). So, check if this is your case (the answer is "yes" for virtually everyone) and change the protocols in that file. That's enough!
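
The load-order effect described in the quoted answer above, as an added example that is not part of the original thread: a small Python check that walks Apache config text in file-name order, finds the first port-443 vhost, and lists later vhosts whose `SSLProtocol` differs from it. The file contents are constructed, the function names are hypothetical, and alphabetical include order is assumed as the post describes.

```python
import re

# Constructed sample configs (file names from the post, contents made up).
# Assumption: files are included in alphabetical order, as the post describes.
SAMPLE_CONFIGS = {
    "vhosts.conf": """
<VirtualHost *:443>
    ServerName xxx.com
    SSLEngine on
    SSLProtocol TLSv1 TLSv1.1 TLSv1.2
</VirtualHost>
""",
    "ssl.conf": """
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol TLSv1.2
</VirtualHost>
""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
# Anchored at line start, so commented-out '#SSLProtocol ...' lines never match.
PROTO_RE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.M | re.I)

def ssl_vhosts(configs, port="443"):
    """Return vhosts on `port` in load order (files sorted by name, then file order)."""
    found = []
    for name in sorted(configs):
        for addr, body in VHOST_RE.findall(configs[name]):
            if not any(a.endswith(":" + port) for a in addr.split()):
                continue
            protos = PROTO_RE.findall(body)
            # If a vhost sets SSLProtocol more than once, the last line is kept.
            found.append({"file": name, "protocol": protos[-1] if protos else None})
    return found

def audit(configs):
    """Return (default 443 vhost, later vhosts whose SSLProtocol differs from it)."""
    vhosts = ssl_vhosts(configs)
    if not vhosts:
        return None, []
    default = vhosts[0]
    shadowed = [v for v in vhosts[1:]
                if v["protocol"] and v["protocol"] != default["protocol"]]
    return default, shadowed

if __name__ == "__main__":
    for label, value in zip(("default 443 vhost", "differs from default"), audit(SAMPLE_CONFIGS)):
        print(label, "->", value)
```

On the sample input the default vhost comes from ssl.conf with `TLSv1.2` only, and the vhosts.conf entry is reported as differing, which matches the symptom in the first post.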

乘风 posted on 2019-1-18 23:45

May I ask how exactly you solved it? I tried several times and it still doesn't work. I'm a newbie asking for help.

乘风 posted on 2019-1-18 23:47

[b]Reply to [url=http://www.wdlinux.cn/bbs/redirect.php?goto=findpost&pid=108314&ptid=61582]2#[/url] [i]lele8060[/i] [/b]


   Could you explain in detail how you solved it?

乘风 posted on 2019-1-19 10:38

[b]Reply to [url=http://www.wdlinux.cn/bbs/redirect.php?goto=findpost&pid=108314&ptid=61582]2#[/url] [i]lele8060[/i] [/b]

[code]<VirtualHost *:443>
SSLEngine on
SSLCertificateFile conf/cert/x.star.com.crt
SSLCertificateKeyFile conf/cert/x.star.com.key
SSLCertificateChainFile conf/cert/bundle_x.star.com.crt
#SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4

#SSLProtocol all -SSLv2 -SSLv3
#SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
#SSLHonorCipherOrder on
</VirtualHost>[/code]
