Your browser does not support HTTP2, and test results will be inaccurate. Please use the latest version of Chrome or Firefox. (List of supported browsers).
Does this mean only Chrome and Firefox users can access the site normally?
Does nginx decide this automatically?
1
TrustyWolf Jan 26, 2016
No, HTTP/2 is backward compatible, much like the relationship between USB3 and USB2.
2
ivmm Jan 26, 2016
Clients that do not support h2 default to http/1.1. Your security settings are probably too strict, so those older browsers are not compatible.
3
davidyin Jan 26, 2016
Could it be your SSL settings?
4
Flygoat Jan 26, 2016 via iPhone
Maybe HTTP/2 Only is turned on.
5
kalsolio OP @davidyin
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
ssl_prefer_server_ciphers on;
It showed this: ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
6
raysonx Jan 26, 2016
@kalsolio That message comes from Chrome, right? Chrome has fairly high security requirements; choosing less secure protocols and ciphers may cause Chrome to refuse the HTTPS connection.
First, I suggest you turn off SSLv3 support, because that protocol is insecure. For ciphers, I use:
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK;
7
sin30 Jan 26, 2016
Use https://mozilla.github.io/server-side-tls/ssl-config-generator/ to generate the configuration.
Use https://www.ssllabs.com/index.html to test browser coverage. Just keep TLS1.0, TLS1.1 and TLS1.2 enabled, and turn off all SSL versions.
8
maxsec Jan 26, 2016
It's a cipher suite problem; please go to 屈屈's blog.
9
qgy18 Jan 26, 2016 via iPhone
11
Arthur2e5 Jan 26, 2016
> and test results will be inaccurate
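So what does that site test? Network latency? TLS cipher support? It's not impossible for something whose accuracy depends on HTTP/2 features to exist. In any case, don't jump to conclusions... @kalsolio You need TLS v1.2 and so on as well. You might as well just use the default (TLS v1, TLS v1.1, TLS v1.2): http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols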
12
kalsolio OP
Removed SSLv3.
Using Ciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Chrome can now access the site normally.
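Added example, not part of the thread or written by any of its participants: a small Python check of nginx TLS directives against what HTTP/2 expects (RFC 7540 section 9.2: TLS 1.2 or higher, and Appendix A black-lists suites without ephemeral key exchange or an AEAD cipher). The function names, finding labels and the "after" sample are assumptions made for illustration; keyword entries such as HIGH are not expanded, so the cipher check covers explicitly named suites only.

```python
import re

AEAD = ("GCM", "CHACHA20", "CCM")   # AEAD markers in OpenSSL suite names
EPHEMERAL = ("ECDHE-", "DHE-")      # ephemeral key exchange prefixes

# The OP's original directives, as posted in the thread.
THREAD_BEFORE = """
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
ssl_prefer_server_ciphers on;
"""
# Constructed sample: the default protocols named in the thread, short cipher list.
CONSTRUCTED_AFTER = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:!aNULL:!RC4;
ssl_prefer_server_ciphers on;
"""

def directives(conf):
    """Return {name: value} for simple 'name value;' nginx directives."""
    return {m.group(1): m.group(2).strip()
            for m in re.finditer(r"(\w+)\s+([^;]+);", conf)}

def h2_ok_suite(name):
    """True if the suite has ephemeral key exchange and an AEAD cipher."""
    return name.startswith(EPHEMERAL) and any(a in name for a in AEAD)

def check_h2_tls(conf):
    """Return a list of findings; an empty list means nothing was flagged."""
    d = directives(conf)
    # Default taken from the nginx docs link quoted in the thread.
    protocols = d.get("ssl_protocols", "TLSv1 TLSv1.1 TLSv1.2").split()
    findings = []
    if not {"TLSv1.2", "TLSv1.3"} & set(protocols):
        findings.append("no-tls1.2")        # HTTP/2 over TLS needs 1.2+
    if "SSLv3" in protocols:
        findings.append("sslv3-enabled")
    tokens = [t for t in d.get("ssl_ciphers", "").split(":")
              if t and t[0] not in "!-+"]
    # Heuristic: explicit suite names contain '-' and no '+'; rest are keywords.
    suites = [t for t in tokens if "-" in t and "+" not in t]
    first_ok = next((i for i, s in enumerate(suites) if h2_ok_suite(s)), None)
    if first_ok is None:
        findings.append("no-explicit-h2-suite")   # keywords need `openssl ciphers -v`
    elif first_ok > 0:
        findings.append("blacklisted-suite-preferred")
    return findings

if __name__ == "__main__":
    for label, conf in (("before", THREAD_BEFORE), ("after", CONSTRUCTED_AFTER)):
        print(label, check_h2_tls(conf) or "ok")
```
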