【如何在SSLlabs得到A+】DH密钥增强

在之前迁移的时候)
我做上了ssl
但是一直测ssl labs的时候出来b
就看到是dh的加密协议问题
于是我删除了所有dh的cipher
但是问题并没有解决
后来在查谷狗的时候发现一篇文章的思路
是替换一个自己的2048bit的dh密钥
怎么办呢)

openssl dhparam -out /usr/local/nginx/conf/ssl/dh.pem 2048

建议用2048的(4096要生成很久很久很久…….
然后做好了dh
怎么让nginx读取这个dh呢)

ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS; ssl_dhparam /usr/local/nginx/conf/ssl/dh.pem; ssl_prefer_server_ciphers on; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /usr/local/nginx/conf/ssl/globalsign.crt; ssl_session_timeout 10m;

就是中间那行 ssl_dhparam )

Comments : 2

  1. AustARIC

    Cialis Posologia Viagra Due Volte Al Giorno cialis overnight shipping from usa Finasteride Tablets 5mg Where To Buy Propecia 0.5 Mg 1mg Amoxicillin Dosage For Kittens

  2. AustARIC

    Allergic Reactions To Amoxil Viagraformen buy generic cialis Priligy Fachinformation Cialis Generika Berlin Cialis Prix France Pharmacie

发表留言

人生在世,错别字在所难免,无需纠正。