xshell 大佬有话说 :
nginx tls1.1的疑问,屌大的MJJ进
#ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_protocols TLSv1.2 TLSv1.3;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on; #开启stapling
ssl_stapling_verify on; #开启stapling验证
error_page 497https://$host$request_uri;
tls1.1明明是注释的,为什么检测工具还是检测到支持1.1???
lzw 大佬有话说 :
看一下不带sni的默认站点是否开启了tls1.1