
[Question] After enabling HTTPS, only TLS 1.2 is supported; 1.1 and 1.0 are not

SSLEngine on
SSLCertificateFile conf/cert/xxx.com.crt
SSLCertificateKeyFile conf/cert/xxx.com.key
SSLCertificateChainFile conf/cert/xxx.com_root_bundle.crt
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
DocumentRoot /www/web/xxx/public_html




Test results from ssllabs.com
Protocols
TLS 1.3: No
TLS 1.2: Yes
TLS 1.1: No
TLS 1.0: No
SSL 3: No
SSL 2: No

Reply to #2 lele8060

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile conf/cert/x.star.com.crt
SSLCertificateKeyFile conf/cert/x.star.com.key
SSLCertificateChainFile conf/cert/bundle_x.star.com.crt
#SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4

#SSLProtocol all -SSLv2 -SSLv3
#SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
#SSLHonorCipherOrder on
Flying in the wind

Reply to #2 lele8060

Could you explain in detail how you solved it?
Flying in the wind

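May I ask how exactly this was solved? I have tried several times and it still does not work. I am a beginner asking for help.
Flying in the wind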

Finally solved it.

https://serverfault.com/questions/513961/how-to-disable-tls-1-1-1-2-in-apache

First of all, you must identify what is the default vhost for port 443 in your server (the first SSL vhost loaded by Apache) and edit its configuration file. Most users have an ssl.conf file in their servers, with a vhost for port 443 configured there. As the name of this file begins with "s", it will load before the vhosts configured in vhosts.conf (which begins with "v"). So, check if this is your case (the answer is "yes" for virtually everyone) and change the protocols in that file. That's enough!
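
The check the quoted answer describes, as an added example that is not part of the original thread: it walks config files in load order, finds the first vhost on port 443, and lists later vhosts whose SSLProtocol differs from it. The file contents, the `_default_:443` vhost and the function names are constructed for illustration, and alphabetical load order is an assumption that holds when the files are pulled in by a wildcard Include.

```python
import re

# Constructed sample configs (file name -> contents); not taken from the thread.
SAMPLE_CONFIGS = {
    "vhosts.conf": """
<VirtualHost *:443>
    ServerName xxx.com
    SSLEngine on
    SSLProtocol TLSv1 TLSv1.1 TLSv1.2
</VirtualHost>
""",
    "ssl.conf": """
<VirtualHost _default_:443>
    SSLEngine on
    #SSLProtocol all -SSLv2 -SSLv3
    SSLProtocol TLSv1.2
</VirtualHost>
""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
# Anchored at line start so commented-out "#SSLProtocol ..." lines are ignored.
PROTO_RE = re.compile(r"^[ \t]*SSLProtocol[ \t]+(.+?)[ \t]*$", re.M | re.I)


def ssl_vhosts(configs, port="443"):
    """List (file, address, SSLProtocol or None) for vhosts on `port`, in load order."""
    found = []
    # Assumption: the files come from a wildcard Include, which loads alphabetically.
    for name in sorted(configs):
        for addr, body in VHOST_RE.findall(configs[name]):
            if any(a.endswith(":" + port) for a in addr.split()):
                protos = PROTO_RE.findall(body)
                found.append((name, addr.strip(), protos[-1] if protos else None))
    return found


def check_default_vhost(configs, port="443"):
    """Return the first-loaded vhost and the later vhosts whose SSLProtocol differs."""
    vhosts = ssl_vhosts(configs, port)
    if not vhosts:
        return None, []
    default = vhosts[0]
    differing = [v for v in vhosts[1:] if v[2] is not None and v[2] != default[2]]
    return default, differing


if __name__ == "__main__":
    default, differing = check_default_vhost(SAMPLE_CONFIGS)
    print("default 443 vhost:", default)
    for name, addr, proto in differing:
        print(f"{name} [{addr}] sets '{proto}' but the default vhost decides")
```

On a live server, `apachectl -S` prints the parsed vhost list and marks the default server for each address and port.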
