nginx tlsv1.3配置

server {
#这里开始
listen 443 ssl;
server_name localhost;
ssl_certificate /usr/local/nginx/conf/cert/xxx.com.pem; #证书的路径
ssl_certificate_key /usr/local/nginx/conf/cert/xxx.com.key; #私钥的路径
ssl_session_timeout 5m;
ssl_protocols TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
# ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
#到这里结束

 

 

 

 

 

server {

listen 443;

server_name www.domain.com;

#填写绑定证书的域名 ssl on;

ssl_certificate 1_www.domain.com_bundle.crt;

ssl_certificate_key 2_www.domain.com.key;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;#按照这个协议配置

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置

ssl_prefer_server_ciphers on;

location / {

root html; #站点目录

index index.html index.htm;

}

}