问题:浏览器提示客户端和服务器不支持一般 SSL 协议版本或加密套件。
谷歌浏览器-71
Nginx-1.14.2
OpenSSL-1.1.1a
Nginx 编译参数:
./configure --prefix=/usr/local/nginx --user=nobody --group=nobody --with-threads --with-http_ssl_module --with-http_v2_module --with-pcre --with-openssl=/usr/local/yuanma/openssl-1.1.1a --with-zlib=/usr/local/yuanma/zlib-1.2.11 --with-cc-opt=-DTCP_FASTOPEN=23 && make && make install
Nginx 配置文件( ssl 部分):
ssl_certificate /usr/local/nginx/ssl/ssl.pem; ssl_certificate_key /usr/local/nginx/ssl/ssl.key; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_session_cache shared:SSL:5m; ssl_session_timeout 5m; ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256;; ssl_prefer_server_ciphers on;