技錄生活
了解行業(yè)最新資訊,把握市場(chǎng)動(dòng)態(tài)。
發(fā)布日期:2024-07-18; 點(diǎn)擊率:1744; 來(lái)源:太倉(cāng)蘇易
協(xié)議 | 發(fā)布時(shí)間 | 狀態(tài) |
---|---|---|
SSL 1.0 | 未公布 | 未公布 |
SSL 2.0 | 1995 年 | 已于 2011 年棄用 |
SSL 3.0 | 1996 年 | 已于 2015 年棄用 |
TLS 1.0 | 1999 年 | 計(jì)劃于 2020 年棄用 |
TLS 1.1 | 2006 年 | 計(jì)劃于 2020 年棄用 |
TLS 1.2 | 2008 年 | |
TLS 1.3 | 2018 年 |
conf/nginx.conf
配置如下ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
TLS1.0 TLSv1.1
、增加TLS1.3ssl_protocols TLSv1.2 TLSv1.3;
nginx -s reload
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
1-1. 基于RedHat的發(fā)行版(CentOS,F(xiàn)edora)配置文件/etc/httpd/conf/httpd.conf
1-2. 基于Debian的發(fā)行版(Ubuntu)配置文件/etc/apache2/sites-enabled/目錄下
+TLSv1 +TLSv1.1
、增加TLSv1.3SSLProtocol -ALL +TLSv1.2 +TLSv1.3
systemctl restart httpd# 基于Debian的發(fā)行版(Ubuntu)
service apache2 restart
conf/server.xml
配置如下SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
+TLSv1 +TLSv1.1
、增加TLS1.3SSLProtocol="TLSv1.2+TLSv1.3"
# 啟動(dòng)tomcat
bin/shutdown.sh
bin/startup.sh
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session: Protocol : TLSv1
Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1633685489 Timeout : 7200 (sec) Verify return code: 0 (ok) ---
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT --- Certificate chain 0 s:/CN=ztc.gzhuijiangyuan.com
i:/C=US/O=Let's Encrypt/CN=R3 1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- MIIFMzCCBBugAwIBAgISA7VcG2st4Mb9oRuhffYzViI9MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTA5MzAxNTE5MjhaFw0yMTEyMjkxNTE5MjdaMCExHzAdBgNVBAMT
4C7vbju3QzFzUyiu8Y3Si2V5oJbzrhIlftqQUUTU2vmMO1lmQi/uD3IqOfZZ4VXL
dcOIHmUVDAzLOMa2brg8YXSQatARlhYDjC1T2aSPMxaKjKq84SHKw67PI6PGGE0u
uYYizdj0riGDsULplmX/u7pFcaw6WjH9lBAasJqxGwFAeJ7AyK2N4D+WPz+fefsw
IAaGUCj2G8pFoKl0N5DVzqgFIWwIxrfYYqS4ogqRUFsgZpcUuTj6 -----END CERTIFICATE----- subject=/CN=www.example.com
issuer=/C=US/O=Let's Encrypt/CN=R3 --- No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 4702 bytes and written 415 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: C617C1E0D6945124100508852C5249DFD8D67F9312104C55547887B9CFD903
Session-ID-ctx: Master-Key: 3A0F9459A936B9DC12E7F60ACF67E4B7006D950494F10AE1192E37AD4A732BA3D072EB1E0B9F317710CEAB8FAA1
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - ca 53 6c fd 08 46 6e c4-3f 4f 25 43 70 22 c7 95 .Sl..Fn.?O%Cp".. 0010 - cb 45 ec fd 7c 1d 49 28-58 81 e0 4d c2 bd d1 7b .E..|.I(X..M...{ 0020 - 0c 23 42 0c c4 4d 58 f2-68 a7 0b a3 50 b0 ec e0 .#B..MX.h...P... 0030 - 7e 57 a1 6d 16 44 5b db-90 91 f1 2c 44 bf d9 78 ~W.m.D[....,D..x 0040 - c8 24 ea 0a e7 c6 55 b0-e2 42 6c 2c 49 7c 05 64 .$....U..Bl,I|.d 0050 - 33 91 48 9a a8 0f 97 8a-c7 06 4d ed 85 8b d2 48 3.H.......M....H
00a0 - 8a 8c 90 1c 8f 21 1b ad-37 61 00 b1 b4 fd 49 7b .....!..7a....I{ Start Time: 1633686054 Timeout : 7200 (sec) Verify return code: 10 (certificate has expired) --- DONE