检测到 SHA-1 密码套件
![](https://i-blog.csdnimg.cn/blog_migrate/fcac90337e76f24bee74dcbd35b1b2e7.png)
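# TLS settings for the HTTPS virtual host. These directives belong inside a
# server { } block. The notes are written as "#" comments so that the snippet
# can be pasted as-is; validate with `nginx -t` before reloading.
listen 443 ssl;                       # HTTPS listener: port 443 with TLS enabled
server_name *****.com;                # site domain name (redacted)
ssl_certificate ***.com.pem;          # server certificate (PEM)
ssl_certificate_key ****.key;         # private key; keep file permissions restrictive
ssl_session_cache shared:SSL:1m;      # 1 MB session cache shared between workers
ssl_session_timeout 5m;               # cached sessions may be resumed for 5 minutes

# Cipher suite restriction (the fix for the "SHA-1 cipher suite detected" finding).
#   HIGH    - start from OpenSSL's "high strength" suites
#   !aNULL  - drop suites that provide no authentication
#   !SHA    - drop suites that use SHA-1 ("SHA" is OpenSSL's alias for SHA1)
#   !MD5    - drop suites that use MD5
# What the string expands to depends on the installed OpenSSL build; list it with
#   openssl ciphers -v 'HIGH:!aNULL:!SHA:!MD5'
# and re-run the scanner after the reload to confirm the finding is gone.
ssl_ciphers HIGH:!aNULL:!SHA:!MD5;
ssl_prefer_server_ciphers on;         # server's preference order wins over the client's

# Protocol restriction: only TLS 1.2 is accepted, so older protocol versions are
# refused. TLS 1.3 is not enabled by this line; if it is added later, note that
# ssl_ciphers does not select the TLS 1.3 suites.
ssl_protocols TLSv1.2;

location / {
    # Pass the original Host header and tell the backend the client used HTTPS.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto https;
    # Connect/read/send timeouts toward the backend, in seconds.
    proxy_connect_timeout 120;
    proxy_read_timeout 120;
    proxy_send_timeout 120;
    # TLS ends at nginx; the hop to the backend is plain HTTP on loopback.
    proxy_pass http://127.0.0.1;
}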
也可以采用白名单的方式来处理：只列出允许使用的密码套件，并用下面这一行替换上面配置中的 ssl_ciphers（同一个 server 块中 ssl_ciphers 不能重复出现）。
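# Allowlist form: only the suites named here are offered, so nothing using SHA-1
# can be negotiated. The SHA256/SHA384 in these names is SHA-2, not SHA-1.
# Same eight suites as the original list, reordered so the AEAD (GCM) suites come
# first: with "ssl_prefer_server_ciphers on" the server takes the first entry the
# client also supports, and the original order put a CBC suite ahead of GCM.
# The CBC suites are kept at the end for clients without GCM support; drop them
# if no such clients need to connect.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384;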