You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
这个配置下由于nginx默认最高协议版本为TLS1.2且未配置TLS1.2相关套件,故报错”No ciphers enabled for max supported SSL/TLS version“,可以通过配置“ssl_protocols TLSv1.3;”规避。(TLS1.3套件不通过"ssl_ciphers"配置且默认使能),此时结果也是“密信是SM访问(因为密信默认先SM),360安全和火狐是RSA访问”
nginx配置SM和RSA双证书,想通过 ssl_ciphers 来配置 优先使用 SM密码套件,还是RSA密码套件,但SM密码套件似乎不生效。
请问是否我的配置/测试有误?
基本配置:
# sm
ssl_certificate /etc/nginx/certs/SS.crt;
ssl_certificate_key /etc/nginx/certs/SS.key;
ssl_certificate /etc/nginx/certs/SE.crt;
ssl_certificate_key /etc/nginx/certs/SE.key;
# rsa
ssl_certificate /etc/nginx/certs_inter/server.crt;
ssl_certificate_key /etc/nginx/certs_inter/server.key;
浏览器:
密信、360安全、火狐浏览器
配置1:
ssl_ciphers "ECC-SM4-SM3:ECDHE-SM4-SM3";
ssl_prefer_server_ciphers on;
配置2:
ssl_prefer_server_ciphers on;
配置3:
ssl_prefer_server_ciphers on;
ssl_ciphers "ECC-SM4-SM3:ECDHE-SM4-SM3:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
The text was updated successfully, but these errors were encountered: