When I submit my site to ssllabs I get the following message:Java 7u25 Server sent fatal alert: handshake_failure如果仅在nginx配置中注释ssl_ciphers行,则与Java 7的通信开始起作用.If I just comment the ssl_ciphers line in nginx configuration, than the communication with Java 7 starts to work.# After commenting the line below it works# ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";所以我从 ssllabs 收到以下消息:So I get the following message from ssllabs:Java 7u25 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA我不想让ssl_ciphers行注释,因为nginx将使用其默认配置,该配置不太安全.I would not like to let the ssl_ciphers line commented, because nginx would use its default configuration, which is less secure.我只想将密码TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA添加到ssl_ciphers列表中.I would like just to add the cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA to the ssl_ciphers list.有可能吗?怎么做?推荐答案来自 OpenSSL的密码列表或这张来自testsl.sh的漂亮表,对应于ECDHE-RSA-AES128-SHA.因此,您需要将ssl_ciphers指令设置为From OpenSSL's cipher list or this nice table from testssl.sh, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA corresponds to ECDHE-RSA-AES128-SHA. So you'd set your ssl_ciphers directive to ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-SHA"; 这篇关于如何在nginx的ssl_ciphers中添加ssl密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!
09-15 09:40
查看更多