参考韩艺博的博客)) view English version

在nginx配置中插入

ssl on;
ssl_certificate       /path/to/your/certificate.crt;
ssl_certificate_key  /path/to/your/private.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;';
ssl_session_cache    shared:SSL:1m;
ssl_session_timeout  5m;
ssl_session_tickets off;
ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
ssl_prefer_server_ciphers  on;

注意ssl_session_cache等配置不要和vhost中的配置有冲突!

标签: nginx, tls 1.3, vps, 服务器

添加新评论