尽管已安装并启用 mod_ssl/openssl,但服务器仍显示没有可用的 TLS/SSL 协议

尽管已安装并启用 mod_ssl/openssl,但服务器仍显示没有可用的 TLS/SSL 协议

我正在尝试将 SSL 证书添加到我的服务器,但是当我通过浏览器连接时,它会引发错误(Chrome 中为 ERR_SSL_PROTOCOL_ERROR)。

使用 testssh 确认了这一点(https://testssl.sh/

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    not offered
 TLS 1.3    not offered

在服务器上我可以看到 mod_ssl 和 openssl 已安装:

sudo yum list installed *ssl*
Loaded plugins: priorities, update-motd, upgrade-helper
Installed Packages
mod24_ssl.x86_64
openssl.x86_64
openssl-devel.x86_64   

这是我的虚拟主机的 .conf 文件(*:80 除外):

<VirtualHost *:443>
  ServerName freedomtospeakup.com
  ServerAlias www.freedomtospeakup.com
  DocumentRoot "/var/www/f2su"
  DirectoryIndex index.php
  ErrorLog /var/log/httpd/f2su-error_log
  CustomLog /var/log/httpd/f2su-access_log combined

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRS
A+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
  SSLCertificateFile /etc/letsencrypt/live/freedomtospeakup.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/freedomtospeakup.com/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/freedomtospeakup.com/chain.pem

  <Directory "/var/www/f2su">
    AllowOverride All
    Allow from All
  </Directory>
</VirtualHost>

证书似乎没问题,这是我执行 sudo ./certbot-auto certificates 时得到的结果

  Certificate Name: freedomtospeakup.com
    Domains: freedomtospeakup.com www.freedomtospeakup.com
    Expiry Date: 2019-10-27 12:53:18+00:00 (VALID: 87 days)
    Certificate Path: /etc/letsencrypt/live/freedomtospeakup.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/freedomtospeakup.com/privkey.pem

这是我迄今为止尝试过的:

  • yum 更新(没有需要更新的软件包)
  • 日期(正确)
  • 重新启动服务器(无变化)
  • 检查防火墙以确保 443 已打开(确实如此)
  • 使用另一台正常运行的服务器检查了 ssl.conf(没有差异)

我还可以检查其他什么吗?

相关内容