Ssl nginx中不支持加密协议,即使我有密钥和证书
这是工作得很好,但出于某种原因,它开始不起作用。我有一个777文件夹中的ssl文件。这是我的nginx配置:Ssl nginx中不支持加密协议,即使我有密钥和证书,ssl,nginx,https,Ssl,Nginx,Https,这是工作得很好,但出于某种原因,它开始不起作用。我有一个777文件夹中的ssl文件。这是我的nginx配置: keepalive_timeout 70; ssl_certificate /path/to/crt; ssl_certificate_key /path/to/key; #these are both correct #the rest of this file is shown as it is ssl_session_
keepalive_timeout 70;
ssl_certificate /path/to/crt;
ssl_certificate_key /path/to/key; #these are both correct
#the rest of this file is shown as it is
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
#ssl_dhparam /path/to/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#I had 'modern' (no TLSv1). Tried to add it to see if it would fix but it didn't
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256$
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermedia$
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
#resolver <IP DNS resolver>;
当我执行一个sudo服务nginx restart
时,不会出现任何错误,它会正常启动。有人知道会发生什么吗?非常感谢你的帮助
通过firefox访问时,我得到“安全连接失败”,通过chrome访问时,我得到“SSL连接错误:错误SSL协议错误”这可能是由于名称服务器造成的吗?我最近尝试启用cloudflare,因此我怀疑流量是否被严重操纵
这是一组非常严格的密码,您在这里尝试使用。这些都是只有TLS 1.2支持的GCM密码-这意味着您选择接受TLS 1.0和TLS 1.1流量是无用的。可能并非所有浏览器都支持这些密码。有关建议的配置,请参阅
除此之外,您显示的语法是错误的,即它的行不应以
$
结尾,而应以'结尾代码>。但这可能只是你问题中的一个输入错误 请发布nginx配置的完整版本。我假设您的配置中设置的listen参数可能有错误。
Certificate: untrusted, bits, signature
TLS ticket lifetime hint:
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: none - fallback: no
Renegotiation test error
Supported compression methods test error
TLS Tolerance: no
Fallbacks required:
big-SSLv3 config not supported, connection failed
big-TLSv1.0 config not supported, connection failed
big-TLSv1.1 config not supported, connection failed
big-TLSv1.2 config not supported, connection failed
small-SSLv3 config not supported, connection failed
small-TLSv1.0 config not supported, connection failed
small-TLSv1.0-notlsext config not supported, connection failed
small-TLSv1.1 config not supported, connection failed
small-TLSv1.2 config not supported, connection failed
v2-big-TLSv1.2 config not supported, connection failed
v2-small-SSLv3 config not supported, connection failed
v2-small-TLSv1.0 config not supported, connection failed
v2-small-TLSv1.1 config not supported, connection failed
v2-small-TLSv1.2 config not supported, connection failed
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256$