Firefox 浏览器的 nginx SSL 配置

Firefox 浏览器的 nginx SSL 配置

我似乎遇到了一个无法解决的问题。

火狐

我已经使用 Chrome、IE 和 Safari 测试了设置,似乎只有 Firefox 在我的 nginx 服务器上的 SSL 配置存在问题。原因尚不清楚,也许有人有一些解决此问题的技巧。

NGINX 配置:

upstream mysite {
    server 192.168.1.2:8080;
}

server {
    listen                  443 ssl;
    server_name             mysite.example.com;
    ssl                     on;
    ssl_certificate         /etc/ssl/certs/mysite.example.com.crt;
    ssl_certificate_key     /etc/ssl/certs/mysite.example.com.key;
    ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers       on;
    ssl_ciphers             "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    ssl_dhparam             /etc/ssl/certs/dhparam.pem;
    ssl_session_cache       shared:SSL:10m;
    add_header              Strict-Transport-Security "max-age=15768000; includeSubDomains";
    access_log      /var/log/nginx/mysite.example.com.access.log combined;
    error_log       /var/log/nginx/mysite.example.com.error.log;
    keepalive_timeout       210;
    client_max_body_size    25M;
    location / {
            proxy_pass              http://mysite;
            proxy_next_upstream     error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_redirect          off;
            proxy_buffering         off;
            proxy_set_header        Host            mysite.example.com;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

该证书是 GeoTrust G3 通配符证书。Firefox 错误/警告

相关内容