How to secure SSL and get A+ on Qualys SSL Server Test

2609 단어 SSLnginxqualysHTTPS

Symptoms



like to get rid of ciphers marked as WEAK
htps //w w.ぁbs. 이 m/sl로 st/아나 ly 꼭. HTML
  • before



  • How to secure SSL


  • before

  • nginx.conf
    ...
        ssl_prefer_server_ciphers on;
    
        ssl_protocols TLSv1.2 TLSv1.1;
        # ssl_protocols TLSv1.2; # Score=100
    
        ssl_dhparam          /etc/nginx/dhparam.pem;
    
        ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5;!CAMELLIA";
    #    ssl_ciphers AES256+EECDH:!aNULL; # Score=100
    ...
    
  • after

  • nginx.conf
    ...
        ssl_prefer_server_ciphers on;
    
        ssl_protocols TLSv1.2 TLSv1.1;
        # ssl_protocols TLSv1.2; # Score=100
    
        ssl_dhparam          /etc/nginx/dhparam.pem;
    
    #    ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5;!CAMELLIA";
        ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5;!CAMELLIA";
    #    ssl_ciphers AES256+EECDH:!aNULL; # Score=100
    



    Done

    좋은 웹페이지 즐겨찾기