四虎影视在线影院在线观看,小s货再浪些再咬紧点h,国产精品水嫩水嫩,97精产国品一二三产区

標(biāo)題: [提問(wèn)] 開啟HTTPS只支持TLS1.2不支持1.1和1.0 [打印本頁(yè)]

作者: lele8060 時(shí)間: 2017-12-1 21:12 標(biāo)題: 開啟HTTPS只支持TLS1.2不支持1.1和1.0

SSLEngine on
SSLCertificateFile conf/cert/xxx.com.crt
SSLCertificateKeyFile conf/cert/xxx.com.key
SSLCertificateChainFile conf/cert/xxx.com_root_bundle.crt
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
DocumentRoot /www/web/xxx/public_html

復(fù)制代碼

用ssllabs.com測(cè)試結(jié)果
Protocols
TLS 1.3No
TLS 1.2Yes
TLS 1.1No
TLS 1.0No
SSL 3No
SSL 2No

作者: lele8060 時(shí)間: 2018-5-11 16:17

終于解決了

https://serverfault.com/questions/513961/how-to-disable-tls-1-1-1-2-in-apache

First of all, you must identify what is the default vhost for port 443 in your server (the first SSL vhost loaded by Apache) and edit it's configuration file. Most users have an ssl.conf file in their servers, with a vhost for port 443 configured there. As the name of this file begins with "s", it will load before the vhosts configured in vhosts.conf (which begins with "v"). So, check if this is your case (the answer is "yes" for virtually everyone) and change the protocols in that file. That's enough!

作者: 乘風(fēng) 時(shí)間: 2019-1-18 23:45

請(qǐng)問(wèn)具體是怎么解決的，我試了幾次，還是不行，新手請(qǐng)教一下

作者: 乘風(fēng) 時(shí)間: 2019-1-18 23:47

回復(fù) 2# lele8060

可以具體說(shuō)一下你是怎么解決的嗎

作者: 乘風(fēng) 時(shí)間: 2019-1-19 10:38

回復(fù) 2# lele8060

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile conf/cert/x.star.com.crt
SSLCertificateKeyFile conf/cert/x.star.com.key
SSLCertificateChainFile conf/cert/bundle_x.star.com.crt
#SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4

#SSLProtocol all -SSLv2 -SSLv3
#SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
#SSLHonorCipherOrder on

歡迎光臨 WDlinux官方論壇 (http://cd-genova.com/bbs/)