ssl检测
yum install nmap -y
nmap -sV -p 443 --script ssl-enum-ciphers xxx.com

nginx配置
server {
listen 443 ssl;
server_name xxx.com;
index index.html index.htm index.php;
root /www/xxx;
ssl_certificate /sslkey/xxx.com.pem;
ssl_certificate_key /sslkey/xxx.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!3DES;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
}

http强制转https
server {
listen 80;
server_name xxx.com;
return 301 https://www.xxx.com$request_uri;
}



Copyright © 2025 趣木屋 粤ICP备15009029号