欢迎来到好人卡资源网,专注网络技术资源收集,我们不仅是网络资源的搬运工,也生产原创资源。寻找资源请留言

网站服务器配置TLS1.3教程,使你的网站支持最新的TLS1.3传输协议

linux sky995 2年前 (2020-07-10) 721次浏览 0个评论

TLS的发展有20多年的历史,在之前的版本中,TLS 1.2是高度可配置的,为了更好的兼容旧版本的浏览器,这意味着那些易受攻击的站点始终在运行着不安全的加密算法,这让互联网黑客有可乘之机。TLS 1.3在之前版本的基础上删除了那些不安全的加密算法。本次给大家带来的就是最新TLS1.3配置教程。

一、TLS1.3的好处

  • 更快的访问速度
  • 更强的安全性

二、配置教程

宝塔面板用户配置非常简单!宝塔NGINX1.15往后的版本都支持TLS 1.3协议。修改网站配置文件为如下内容即可

<span class="pln">ssl_protocols </span><span class="typ">TLSv1</span><span class="pun">.</span><span class="lit">2</span> <span class="typ">TLSv1</span><span class="pun">.</span><span class="lit">3</span><span class="pun">;</span><span class="pln">
ssl_ciphers TLS13</span><span class="pun">-</span><span class="pln">AES</span><span class="pun">-</span><span class="lit">256</span><span class="pun">-</span><span class="pln">GCM</span><span class="pun">-</span><span class="pln">SHA384</span><span class="pun">:</span><span class="pln">TLS13</span><span class="pun">-</span><span class="pln">CHACHA20</span><span class="pun">-</span><span class="pln">POLY1305</span><span class="pun">-</span><span class="pln">SHA256</span><span class="pun">:</span><span class="pln">TLS13</span><span class="pun">-</span><span class="pln">AES</span><span class="pun">-</span><span class="lit">128</span><span class="pun">-</span><span class="pln">GCM</span><span class="pun">-</span><span class="pln">SHA256</span><span class="pun">:</span><span class="pln">TLS13</span><span class="pun">-</span><span class="pln">AES</span><span class="pun">-</span><span class="lit">128</span><span class="pun">-</span><span class="pln">CCM</span><span class="pun">-</span><span class="lit">8</span><span class="pun">-</span><span class="pln">SHA256</span><span class="pun">:</span><span class="pln">TLS13</span><span class="pun">-</span><span class="pln">AES</span><span class="pun">-</span><span class="lit">128</span><span class="pun">-</span><span class="pln">CCM</span><span class="pun">-</span><span class="pln">SHA256</span><span class="pun">:</span><span class="pln">EECDH</span><span class="pun">+</span><span class="pln">CHACHA20</span><span class="pun">:</span><span class="pln">EECDH</span><span class="pun">+</span><span class="pln">CHACHA20</span><span class="pun">-</span><span class="pln">draft</span><span class="pun">:</span><span class="pln">EECDH</span><span class="pun">+</span><span class="pln">ECDSA</span><span class="pun">+</span><span class="pln">AES128</span><span class="pun">:</span><span class="pln">EECDH</span><span class="pun">+</span><span class="pln">aRSA</span><span class="pun">+</span><span class="pln">AES128</span><span class="pun">:</span><span class="pln">RSA</span><span class="pun">+</span><span class="pln">AES128</span><span class="pun">:</span><span class="pln">EECDH</span><span class="pun">+</span><span class="pln">ECDSA</span><span class="pun">+</span><span class="pln">AES256</span><span class="pun">:</span><span class="pln">EECDH</span><span class="pun">+</span><span class="pln">aRSA</span><span class="pun">+</span><span class="pln">AES256</span><span class="pun">:</span><span class="pln">RSA</span><span class="pun">+</span><span class="pln">AES256</span><span class="pun">:</span><span class="pln">EECDH</span><span class="pun">+</span><span class="pln">ECDSA</span><span class="pun">+</span><span class="lit">3DES</span><span class="pun">:</span><span class="pln">EECDH</span><span class="pun">+</span><span class="pln">aRSA</span><span class="pun">+</span><span class="lit">3DES</span><span class="pun">:</span><span class="pln">RSA</span><span class="pun">+</span><span class="lit">3DES</span><span class="pun">:!</span><span class="pln">MD5</span><span class="pun">;</span>

三、其他说明

  • 目前最新的Chrome和Firefox浏览器都已支持 TLS 1.3协议,但需要手动开启,Chrome中需要将chrome://flags/ 中的 Maximum TLS version enabled 改为 TLS 1.3 Chrome 62 中需要将 TLS 1.3 改为 Enabled (Draft)即可。
  • Firefox中,将 about:config 中的 security.tls.version.max 改为4即可

好人卡资源网 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:网站服务器配置TLS1.3教程,使你的网站支持最新的TLS1.3传输协议
喜欢 (0)
发表我的评论
取消评论

表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址