Requirements: Disable outdated TLS protocols to ensure secure website transmission.
TLS is a transport-layer security protocol that provides confidentiality and data integrity between two communicating applications. TLS 1.0 and TLS 1.1 are old versions of the protocol, released in '96 and '06 respectively.
Why disable TLS 1.0 and TLS 1.1 transport protocols
TLS 1.0 and TLS 1.1 use weak cryptographic algorithms, such as DES, SHA-1, MD5 and RC4. The current versions of the protocol are TLS 1.2 and TLS 1.3. Requiring the higher versions affects compatibility with some browsers and systems, but from the perspective of Internet communication security it is recommended to disable TLS 1.0 and TLS 1.1 and to enable TLS 1.2 and TLS 1.3.
The original nginx configuration is as follows:
The modified version is as follows:
Testing with the test tool showed that TLS 1.0 and TLS 1.1 could still be used to connect, so the setting had not taken effect, as shown in the figure below:
It turned out that the ssl_ciphers configuration also needs to be modified, as follows:
The test passed, as shown in the figure below:
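As an added example (not the author's configuration or tooling), the following Python check reads nginx configuration text and reports every ssl_protocols line that still enables a deprecated version and every ssl_ciphers entry that enables one of the weak algorithms named above. The function names and the two sample server blocks are constructed for illustration.

```python
import re

# Protocol names as nginx's ssl_protocols directive spells them.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Weak algorithms named in the article, as they appear inside OpenSSL cipher
# names ("SHA" with no size suffix means SHA-1).
WEAK_PARTS = {"DES", "3DES", "RC4", "MD5", "SHA", "SHA1"}
DIRECTIVE = re.compile(r"^[ \t]*(ssl_protocols|ssl_ciphers)\s+([^;]+);", re.MULTILINE)

# Constructed sample configurations (assumptions, not taken from the article).
BEFORE = """server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:DES-CBC3-SHA:!aNULL;
}
"""
AFTER = """server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!MD5:!RC4;
}
"""

def weak_ciphers(cipher_string):
    """Return the cipher-list entries that enable a weak algorithm."""
    weak = []
    for entry in cipher_string.strip("'\"").split(":"):
        entry = entry.strip()
        if not entry or entry[0] in "!-":  # "!" and "-" remove ciphers
            continue
        parts = set(re.split(r"[-+]", entry.lstrip("+").upper()))
        if parts & WEAK_PARTS:
            weak.append(entry)
    return weak

def audit_nginx_tls(config_text):
    """Return (line_number, directive, offending_values) for each weak setting."""
    findings = []
    for m in DIRECTIVE.finditer(config_text):
        name, value = m.group(1), m.group(2).strip()
        line = config_text.count("\n", 0, m.start(1)) + 1
        if name == "ssl_protocols":
            bad = sorted(set(value.split()) & DEPRECATED_PROTOCOLS)
        else:
            bad = weak_ciphers(value)
        if bad:
            findings.append((line, name, bad))
    return findings

if __name__ == "__main__":
    print(audit_nginx_tls(BEFORE), audit_nginx_tls(AFTER))
```

The check does not expand OpenSSL aliases such as HIGH or DEFAULT; `openssl ciphers -v` lists what a cipher string resolves to on a given host.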
(End)