永久黄网站色视频免费直播,yy6080三理论日本中文,亚洲无码免费在线观看视频,欧美日韩精品一区二区在线播放

標(biāo)題: [提問(wèn)] 開(kāi)啟HTTPS只支持TLS1.2不支持1.1和1.0 [打印本頁(yè)]

作者: lele8060 時(shí)間: 2017-12-1 21:12 標(biāo)題: 開(kāi)啟HTTPS只支持TLS1.2不支持1.1和1.0

SSLEngine on
SSLCertificateFile conf/cert/xxx.com.crt
SSLCertificateKeyFile conf/cert/xxx.com.key
SSLCertificateChainFile conf/cert/xxx.com_root_bundle.crt
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
DocumentRoot /www/web/xxx/public_html

復(fù)制代碼

用ssllabs.com測(cè)試結(jié)果
Protocols
TLS 1.3No
TLS 1.2Yes
TLS 1.1No
TLS 1.0No
SSL 3No
SSL 2No

作者: lele8060 時(shí)間: 2018-5-11 16:17

終于解決了

https://serverfault.com/questions/513961/how-to-disable-tls-1-1-1-2-in-apache

First of all, you must identify what is the default vhost for port 443 in your server (the first SSL vhost loaded by Apache) and edit it's configuration file. Most users have an ssl.conf file in their servers, with a vhost for port 443 configured there. As the name of this file begins with "s", it will load before the vhosts configured in vhosts.conf (which begins with "v"). So, check if this is your case (the answer is "yes" for virtually everyone) and change the protocols in that file. That's enough!

作者: 乘風(fēng) 時(shí)間: 2019-1-18 23:45

請(qǐng)問(wèn)具體是怎么解決的，我試了幾次，還是不行，新手請(qǐng)教一下

作者: 乘風(fēng) 時(shí)間: 2019-1-18 23:47

回復(fù) 2# lele8060

可以具體說(shuō)一下你是怎么解決的嗎

作者: 乘風(fēng) 時(shí)間: 2019-1-19 10:38

回復(fù) 2# lele8060

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile conf/cert/x.star.com.crt
SSLCertificateKeyFile conf/cert/x.star.com.key
SSLCertificateChainFile conf/cert/bundle_x.star.com.crt
#SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4

#SSLProtocol all -SSLv2 -SSLv3
#SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
#SSLHonorCipherOrder on

歡迎光臨 WDlinux官方論壇 (http://www.fsowen.com/bbs/)