https://www.openssl.org/source/openssl-1.0.2n.tar.gz
#增加
--with-openssl-opt=enable-tls1_3

--user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-ipv6 --with-http_sub_module --with-openssl=../openssl-1.0.2n --with-openssl-opt=enable-tls1_3 --with-ld-opt=-ljemalloc --add-module=../nginx-rtmp-module-master --add-module=../ngx_devel_kit-0.3.0 --add-module=../lua-nginx-module-0.10.12rc1 --add-module=../echo-nginx-module --with-stream --with-stream_ssl_module

#ssl_ciphers改为:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # 增加 TLSv1.3
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;

#配置文件
listen 443 ssl;
ssl_certificate ssl/server.pem;
ssl_certificate_key ssl/server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3;
ssl_prefer_server_ciphers on;

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注

Captcha Code