Your browser does not support HTTP2, and test results will be inaccurate. Please use the latest version of Chrome or Firefox. (List of supported browsers).
只有 chrome 和 firefox 的用户才能正常访问吗
nginx 是不是智能判断呢?
1
TrustyWolf 2016-01-26 16:14:33 +08:00
不会, HTTP/2 是向下兼容的,就好比 USB3 与 USB2 的关系一样。
|
2
ivmm 2016-01-26 16:51:07 +08:00
不支持 h2 的,默认 http/1.1 ,你可能是安全措施做太严格了,哪些低级浏览器就不兼容了
|
3
davidyin 2016-01-26 17:04:34 +08:00
是不是你的 SSL 设置的关系。
|
4
Flygoat 2016-01-26 17:10:05 +08:00 via iPhone
可能是开了 HTTP/2 Only 。
|
5
kalsolio OP @davidyin
ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM; ssl_prefer_server_ciphers on; 提示这个了 ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY |
6
raysonx 2016-01-26 18:08:02 +08:00
@kalsolio 這個提示是 Chrome 給出的吧? Chrome 對安全性要求比較高,選用安全性比較低的協議和加密方式可能會導致 Chrome 拒絕 HTTPS 連接。
首先建議你關掉對 SSLv3 的支持,因為這種協議不安全。 加密算法方面我用的是 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK; |
7
sin30 2016-01-26 18:35:20 +08:00
用 https://mozilla.github.io/server-side-tls/ssl-config-generator/ 生成配置
用 https://www.ssllabs.com/index.html 浏览器测试覆盖率 TLS1.0 TLS1.1 TLS1.2 开着就行, SSL 都关掉。 |
8
maxsec 2016-01-26 18:39:11 +08:00
cipher_suit 的问题,请去屈屈的博客
|
9
qgy18 2016-01-26 20:54:01 +08:00 via iPhone
|
11
Arthur2e5 2016-01-26 22:50:46 +08:00
> and test results will be inaccurate
所以那个网站测什么的?网络延迟? TLS 加密算法支持?准确性依赖 HTTP/2 特性的东西也不是不可能出现嘛。总之不要见风就是雨…… @kalsolio TLS v1.2 什么的也要啊。你不如直接用默认值( TLS v1, TLS v1.1, TLS v1.2 ): http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols |
12
kalsolio OP 去掉 SSLv3
使用 Ciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA chrome 已经正常访问。 |