即使我添加了SSLlabs,SSLlabs仍会显示以下消息 ssl_session_cache
Session resumption (caching) No (IDs assigned but not accepted)
这是我的完整配置
server {
listen 443 spdy; #Change to 443 when SSL is on
ssl on;
ssl_certificate /etc/ssl/domain.com_bundle.crt;
ssl_certificate_key /etc/ssl/domain.com.key.nopass;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_buffer_size 8k;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/trustchain.crt;
resolver 8.8.8.8 8.8.4.4;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
#rest config goes here
}
dam*_*wab 34
SSL Labs不认为SNI可供客户端使用,因此它仅测试默认虚拟服务器.
问题可能是您没有在默认服务器上启用SSL会话缓存.要启用它,您只需要将该ssl_session_cache行添加到您的default_server.或者,如果您希望该配置能够跨所有nginx虚拟服务器(我建议使用),您可以将该ssl_session_cache行移到服务器声明之外,因此它适用于所有这些服务器.
这是我使用的配置:
# All your server-wide SSL configuration
# Enable SSL session caching for improved performance
# http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
ssl_session_cache shared:ssl_session_cache:10m;
server {
# All your normal virtual server configuration
}
资料来源:
| 归档时间: |
|
| 查看次数: |
13466 次 |
| 最近记录: |