堆栈内存溢出
  繁体   English   中英

nginx 禁用 tls v1.0 和 v1.1 不工作

[英]nginx disable tls v1.0 & v1.1 not working

 原文  2022-05-25 14:55:53       php/ nginx/ tls1.2

问题描述

我试图通过 nginx 在我的网络服务器上禁用 tls v1.0 和 tls v1.1,但是当我使用tls checker测试 tls 时,它不起作用并且仍然显示 tls v1.0 和 v1.1 已启用。

下面是我的nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 100M;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name test.mydomain.com;
        return 301 https://$server_name$request_uri;
    }

    # Settings for a TLS enabled server.
    #
    server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name test.mydomain.com;
        include self-signed.conf;
        
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers off;
        ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA";
        
        root /usr/share/nginx/html/public;
        index index.php index.htm index.html;
        
        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        location ~ .php$ {
            try_files $uri =404;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
}

以下是 tls 检查器的结果:

启用 tls

任何建议都会很有帮助

1 个解决方案

解决方案1
 0 已采纳  2022-05-26 14:13:10

我发现在 nginx web 服务器前面运行着 AWS Web Application Firewall。 从那里删除 TLS v1.0、v1.1 解决了这个问题。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 通过TLS v1.0卷曲请求 Twitter搜索API v1.1无法正常工作 Twitter API v1.1 Laravel Voyager v1.1 日期格式不起作用 禁用TLS1.0和TLS 1.1 Pregmatch以在PHP中获取'v1.0'WebcamJS PHP cURL OAuth v1.0 Zend_Service_Twitter - 准备好API v1.1 Mailchimp API v1.1 listUpdateMember如何发送复选框字段? 使用PHP的Twitter REST API v1.1简单请求示例
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM