ssl_protocol配置的示例:
協議配置:
Syntax: ssl_protocols [SSLv2] [SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2] [TLSv1.3];
Default:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Context: http, server
加密套件配置:
Syntax: ssl_ciphers ciphers;
Default:
ssl_ciphers HIGH:!aNULL:!MD5;
Context: http, server
Nginx的虛擬主機配置,在server塊內,ssl_protocols屬于全局配置,而ssl_ciphers卻針對特定的虛擬主機起作用,配置如下:
server {
server_name www.a.com;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256;
ssl_protocols TLSv1.2;
# 其他配置略
}
server {
server_name www.b.com;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# 其他配置略
}
