SSL:修订间差异
跳到导航
跳到搜索
此页面具有访问限制。如果您看见此消息,则说明您没有权限访问此页面。
(→設定) |
(→設定) |
||
| (未显示同一用户的3个中间版本) | |||
| 第3行: | 第3行: | ||
== 設定 == | == 設定 == | ||
目前的設定,只支援有FS(Forward secrecy)的協定(不斷行): | 目前的設定,只支援有FS(Forward secrecy)的協定(不斷行): | ||
<pre>CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1</pre> | <pre>CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1</pre> | ||
如果要考慮到舊的瀏覽器,拿掉 SHA1 限制: | 如果要考慮到舊的瀏覽器,拿掉 SHA1 限制 ,這時候會引入<code>ECDHE-RSA-AES256-SHA</code>與<code>ECDHE-RSA-AES128-SHA</code>使用,另外需要指定<code>@SECLEVEL=1</code>(搭配新版的OpenSSL時使用) : | ||
<pre>CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5</pre> | |||
<pre>CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:@SECLEVEL=1</pre> | |||
== 外部連結 == | == 外部連結 == | ||
* [https://mozilla.github.io/server-side-tls/ssl-config-generator/ Generate Mozilla Security Recommended Web Server Configuration Files] | * [https://mozilla.github.io/server-side-tls/ssl-config-generator/ Generate Mozilla Security Recommended Web Server Configuration Files] | ||
* [https://wiki.mozilla.org/Security/Server_Side_TLS Security/Server Side TLS - MozillaWiki] | * [https://wiki.mozilla.org/Security/Server_Side_TLS Security/Server Side TLS - MozillaWiki] | ||
2021年9月28日 (二) 05:18的最新版本
SSL(英语:Secure Sockets Layer),或TLS(英语:Transport Layer Security),是一个安全协定。
设定
目前的设定,只支援有FS(Forward secrecy)的协定(不断行):
CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1
如果要考虑到旧的浏览器,拿掉 SHA1 限制,这时候会引入ECDHE-RSA-AES256-SHA与ECDHE-RSA-AES128-SHA使用,另外需要指定@SECLEVEL=1(搭配新版的OpenSSL时使用):
CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:@SECLEVEL=1