Spdycheck 正常,但 Chrome 42 未启用 Spdy

Spdycheck 正常,但 Chrome 42 未启用 Spdy

我正在尝试使用 Nginx 1.8.0 实现 spdy 协议。我已经使用 spdy 模块构建了它。

当我通过 spdycheck.org 检查我的网站时,一切都是绿色的,并说支持 spdy 3.1,但 Chrome 42 中的 chrome 扩展没有显示绿色箭头,并说它未启用。我还检查了 chrome://net-internals/#spdy,我的网站没有列在那里。

我在 StartSSL 获得了我的 SHA2 证书。

SSL Labs 给了我 A+ 等级,几乎是完美的分数。

Nginx 配置:

server {
    listen         xx.xx.xx.xx:80;
    server_name    domain.com www.domain.com;
    return         301 https://www.domain.com$request_uri;
}

server {
    listen         xx.xx.xx.xx:443 ssl spdy;
    server_name    domain.com www.domain.com;

    if ($host = 'domain.com' ) {
        return 301 https://www.domain.com$request_uri;
    }

    if ($host = 'it.domain.com' ) {
        return 301 http://it.domain.com$request_uri;
    }

    ssl on;
    ssl_prefer_server_ciphers    on;
    ssl_session_cache            shared:SSL:10m;
    ssl_session_timeout          10m;
    ssl_protocols                TLSv1 TLSv1.1 TLSv1.2;
    # Cloudflare recommended
    ssl_ciphers                  EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    # Mozilla recommended
    #ssl_ciphers                  'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_certificate              /var/nginx/ssl/site.crt;
    ssl_certificate_key          /var/nginx/ssl/site.key;
    ssl_dhparam                  /var/nginx/ssl/dhparam.pem;
    ssl_trusted_certificate      /var/nginx/ssl/startssl_trust_chain.crt;
    ssl_stapling                 on;
    ssl_stapling_verify          on;
    resolver                     8.8.8.8 8.8.4.4 valid=300s;

    add_header    Strict-Transport-Security "max-age=63072000; preload";
    add_header    X-Frame-Options "DENY";
    add_header    X-Content-Type-Options nosniff;

    access_log    /home/virtual/domain.com/logs/access.log main;
    error_log     /home/virtual/domain.com/logs/error.log notice;
    root          /home/virtual/domain.com/subs/www;
    index         index.php index.html;

    rewrite ^/it\.html http://it.domain.com permanent;

    location ~* ^.+\.(jpg|jpeg|gif|png|js|css|ico|swf)$ {
        expires    30d;
        access_log off;
    }

    location ~ /\. {
         deny all;
    }

    location ~ \.php$ {
        try_files                $uri =404;
        fastcgi_split_path_info  ^(.+\.php)(/.+)$;

        fastcgi_pass             phpfarm;
        fastcgi_index            index.php;
        fastcgi_param            SCRIPT_FILENAME  /home/virtual/domain.com/subs/www/$fastcgi_script_name;
        fastcgi_buffer_size      32k;
        fastcgi_buffers          32 32k;
        fastcgi_intercept_errors on;
        include                  /var/nginx/conf/fastcgi.conf;

        if ($request_uri ~* "^/index.php\??$") {
            rewrite ^/.*$ http://$host? permanent;
        }
    }
}

有谁知道它为什么不起作用?

谢谢!

答案1

我找到了解决方案,但我不知道它是 Chrome 缓存还是 Avast。

清空整个浏览器缓存、删除所有浏览器数据并禁用 Avast 10 分钟后,它开始显示绿色箭头。

现在,即使 Avast 已启用,它仍会显示。

编辑

这是 Avast 的错。Web Shield HTTPS 扫描存在一些问题。

答案2

您可以尝试使用 ECDHE-RSA-AES128-GCM-SHA256 密码吗?这对我有用。我使用的是谷歌浏览器版本 44.0.2403.125 m

相关内容