https://www.ssllabs.com/ssltest/analyze.html?d=cablework.co
我不明白为什么它一直显示“C”。我已禁用 SSLv3。
这是我的配置文件
server {
listen 80;
listen 443 ssl spdy;
server_name cablework.co;
ssl_certificate /etc/nginx/ssl/cablework.co.pem;
ssl_certificate_key /etc/nginx/ssl/server.key;
return 301 https://www.cablework.co$request_uri;
}
server {
listen 443 ssl spdy;
ssl_certificate /etc/nginx/ssl/cablework.co.pem;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.4.4 valid=300s;
resolver_timeout 10s;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.cablework.co-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
root /home/kryptonit3/cablework/public;
index index.html index.htm index.php;
server_name www.cablework.co;
}
答案1
您忘记为命名的 指定ssl_protocols
和。因此将使用默认值(无论它们是什么)。ssl_ciphers
server
cablework.co