This topic created in 4074 days ago, the information mentioned may be changed or developed.
 | 1 Tianpu Mar 6, 2015  1 基本配置+ocsp+hsts就是A+ 全部100没什么意义,要牺牲很多兼容性 http://blog.ricardomacas.com/index.php?cOntroller=post&action=view&id_post=2 |
 | 2 zhttty Mar 6, 2015 via Android 1 |
 | 4 futursolo Mar 6, 2015 有办法,只是要牺牲IE6和Android 2.3 |
| 5 futursolo Mar 6, 2015 将Nginx和OpenSSL更新到最新并使用以下配置就可以达到A+。 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers CHACHA20:AES128:AES256:GCM:!DH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS; add_header Strict-Transport-Security max-age=31536000; ssl_prefer_server_ciphers on |
 | 6 liuchen9586 Mar 6, 2015 用SHA256证书(注意补全中间链),开启长HSTS(Nginx可以做到),SSL方式选TLS 1.0 / 1.1 / 1.2 即可。 |
 | 8 ls25145 Mar 6, 2015 我说怎么地址栏里原来的三角感叹号变成锁了呢 |
 | 9 blahgeek Mar 8, 2015 那个网站本身也只有A+... https://www.ssllabs.com/ssltest/analyze.html?d=ssllabs.com |
 | 10 xiaozhizhu1997 Mar 10, 2015 via Android 关键就是忽略掉SSL3.0,不过会间接放弃对IE6及更低版本的支持 事实证明SSL3.0真的不安全了 |
Select Language