
Title: [Question] HTTPS enabled, but only TLS 1.2 is supported, not 1.1 or 1.0

Author: lele8060    Time: 2017-12-1 21:12     Title: HTTPS enabled, but only TLS 1.2 is supported, not 1.1 or 1.0

  SSLEngine on
  SSLCertificateFile conf/cert/xxx.com.crt
  SSLCertificateKeyFile conf/cert/xxx.com.key
  SSLCertificateChainFile conf/cert/xxx.com_root_bundle.crt
  SSLProtocol TLSv1 TLSv1.1 TLSv1.2
  SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
  DocumentRoot /www/web/xxx/public_html




Test results from ssllabs.com
Protocols
TLS 1.3: No
TLS 1.2: Yes
TLS 1.1: No
TLS 1.0: No
SSL 3: No
SSL 2: No
Author: lele8060    Time: 2018-5-11 16:17

Finally solved it.

https://serverfault.com/questions/513961/how-to-disable-tls-1-1-1-2-in-apache

First of all, you must identify what is the default vhost for port 443 in your server (the first SSL vhost loaded by Apache) and edit its configuration file. Most users have an ssl.conf file in their servers, with a vhost for port 443 configured there. As the name of this file begins with "s", it will load before the vhosts configured in vhosts.conf (which begins with "v"). So, check if this is your case (the answer is "yes" for virtually everyone) and change the protocols in that file. That's enough!
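The check described in the quoted answer, as an added example that is not part of the original post or of the linked answer: it reads the config files in alphabetical load order, names the first port-443 vhost, and lists later vhosts whose SSLProtocol line differs from it. The file names ssl.conf and vhosts.conf come from the quoted answer; the file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample: two files as they might sit in an Include'd directory.
SAMPLE_CONFS = {
    "vhosts.conf": """
<VirtualHost *:443>
ServerName xxx.com
SSLEngine on
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
</VirtualHost>
""",
    "ssl.conf": """
<VirtualHost _default_:443>
SSLEngine on
SSLProtocol TLSv1.2
</VirtualHost>
""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]*)>(.*?)</VirtualHost>", re.S | re.I)
PROTO_RE = re.compile(r"^[ \t]*SSLProtocol[ \t]+(.+?)[ \t]*$", re.M | re.I)

def ssl_vhosts(confs):
    """Return (file, address, SSLProtocol-or-None) for each :443 vhost, in load order."""
    found = []
    for name in sorted(confs):  # assumption from the quoted answer: "s" loads before "v"
        for addr, body in VHOST_RE.findall(confs[name]):
            if not any(a.endswith(":443") for a in addr.split()):
                continue
            protos = PROTO_RE.findall(body)  # lines starting with '#' do not match
            found.append((name, addr.strip(), protos[-1] if protos else None))
    return found

def audit(confs):
    """Name the default :443 vhost and list later vhosts whose SSLProtocol disagrees."""
    vhosts = ssl_vhosts(confs)
    if not vhosts:
        return None, []
    default = vhosts[0]
    wanted = set((default[2] or "").split())
    shadowed = [v for v in vhosts[1:] if v[2] is not None and set(v[2].split()) != wanted]
    return default, shadowed

if __name__ == "__main__":
    default, shadowed = audit(SAMPLE_CONFS)
    print("default :443 vhost: %s (%s) SSLProtocol=%s" % default)
    for f, a, p in shadowed:
        print("  %s (%s) asks for '%s'; edit the default vhost instead" % (f, a, p))
```

To run it against a real server, fill the dictionary with the contents of the actual config files, keyed by file name.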
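Author: 乘风    Time: 2019-1-18 23:45

Could you tell me how exactly you solved it? I tried several times and it still doesn't work. I'm a beginner asking for help.
Author: 乘风    Time: 2019-1-18 23:47

Reply to 2# lele8060


   Could you explain specifically how you solved it?
Author: 乘风    Time: 2019-1-19 10:38

Reply to 2# lele8060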

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile conf/cert/x.star.com.crt
SSLCertificateKeyFile conf/cert/x.star.com.key
SSLCertificateChainFile conf/cert/bundle_x.star.com.crt
#SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4

#SSLProtocol all -SSLv2 -SSLv3
#SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
#SSLHonorCipherOrder on




Welcome to the WDlinux official forum (http://www.wdlinux.cn/bbs/) Powered by Discuz! 7.2