Forum » Programska oprema » Nginx TLS 1.3 | Qualys SSL "Cipher Suites"=100%?
Nginx TLS 1.3 | Qualys SSL "Cipher Suites"=100%?
HotBurek ::
Pozdravljeni.
Zanima me, če je komu uspelo postavit Nginx z TLS 1.3 podporo in doseči 4x 100% na Qualys SSL testu.
https://www.ssllabs.com/ssltest/
Men uspe 4x 100% v primeru, da je vkloplejn samo TLS 1.2. Ko pa vklopim še TLS 1.3, pa pod "Cipher Strength" pade na 90%.
Ima kdo TLS 1.3 in 100% na "Cipher Strength"?
nginx.cofig
Zanima me, če je komu uspelo postavit Nginx z TLS 1.3 podporo in doseči 4x 100% na Qualys SSL testu.
https://www.ssllabs.com/ssltest/
Men uspe 4x 100% v primeru, da je vkloplejn samo TLS 1.2. Ko pa vklopim še TLS 1.3, pa pod "Cipher Strength" pade na 90%.
Ima kdo TLS 1.3 in 100% na "Cipher Strength"?
nginx.cofig
server {
listen 127.0.0.1:443 http2 ssl;
server_name example.cum;
server_tokens off;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
access_log /var/log/nginx/example.cum/access-https.log;
error_log /var/log/nginx/example.cum/error-https.log;
ssl_certificate /var/certificates/example.cum.pem;
ssl_certificate_key /var/certificates/example.cum.key;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+AESGCM:EDH+AESGCM:EDH+AESCCM:ECDHE+CHACHA20:DHE+CHACHA20!aNULL';
ssl_session_cache shared:TLS:2m;
ssl_buffer_size 4k;
ssl_stapling on;
ssl_stapling_verify on;
resolver 213.136.95.11 213.136.95.10 valid=300s;
resolver_timeout 5s;
ssl_ecdh_curve secp384r1;
ssl_dhparam /etc/nginx/dhparam.pem;
root /usr/share/nginx/example.cum/;
location / {
try_files $uri /test.txt =404;
}
}Cipher Suites
root@debian:/# iptraf-ng
fatal: This program requires a screen size of at least 80 columns by 24 lines
Please resize your window
fatal: This program requires a screen size of at least 80 columns by 24 lines
Please resize your window
- spremenilo: HotBurek ()
jype ::
Zanima me, če je komu uspelo postavit Nginx z TLS 1.3 podporo in doseči 4x 100% na Qualys SSL testu.Pobriši ven TLS13-AES-128-GCM-SHA256 pa poizkusi še enkrat (imo gre samo za nepomembno obliko točkovanja na testu - v resnici ta šifra ni na bistven način slabša od AES-256 različice).
Zgodovina sprememb…
- spremenilo: jype ()
Vredno ogleda ...
| Tema | Ogledi | Zadnje sporočilo | |
|---|---|---|---|
| Tema | Ogledi | Zadnje sporočilo | |
| » | Javascript DOM based XSS vulnerabilityOddelek: Programiranje | 2870 (2292) | MrStein |
| » | [Python] HTTPS na desktopu dela, na Arduinu neOddelek: Programiranje | 1405 (1018) | N4g4c3N |
| » | Nginx ne pošlje vseh HTTP headerjevOddelek: Izdelava spletišč | 1183 (1050) | BaRtMaN |
| » | Pošiljanje emaila na @siol.netOddelek: Pomoč in nasveti | 5027 (4196) | SeMiNeSanja |
| » | LinkedIn spam?Oddelek: Loža | 2755 (2187) | kunigunda |