• TLS安全策略等级

    TLS安全策略包含HTTPS可选的TLS协议版本和配套的加密算法套件。TLS协议版本越高,HTTPS通信的安全性越高,但是相较于低版本TLS协议,高版本TLS协议对浏览器的兼容性较差。

    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_protocols TLSv1.1 TLSv1.2;

    ssl-protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"

    TLS安全策略

    安全策略 支持TLS版本 支持加密算法套件
    tls_cipher_policy_1_0 TLSv1.0、TLSv1.1和TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256、ECDHE-ECDSA-AES256-GCM-SHA384、ECDHE-ECDSA-AES128-SHA256、ECDHE-ECDSA-AES256-SHA384、ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、AES128-GCM-SHA256、AES256-GCM-SHA384、AES128-SHA256、AES256-SHA256、ECDHE-ECDSA-AES128-SHA、ECDHE-ECDSA-AES256-SHA、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA、AES128-SHA、AES256-SHA、DES-CBC3-SHA
    tls_cipher_policy_1_1 TLSv1.1和TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256、ECDHE-ECDSA-AES256-GCM-SHA384、ECDHE-ECDSA-AES128-SHA256、ECDHE-ECDSA-AES256-SHA384、ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、AES128-GCM-SHA256、AES256-GCM-SHA384、AES128-SHA256、AES256-SHA256、ECDHE-ECDSA-AES128-SHA、ECDHE-ECDSA-AES256-SHA、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA、AES128-SHA、AES256-SHA、DES-CBC3-SHA
    tls_cipher_policy_1_2 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256、ECDHE-ECDSA-AES256-GCM-SHA384、ECDHE-ECDSA-AES128-SHA256、ECDHE-ECDSA-AES256-SHA384、ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、AES128-GCM-SHA256、AES256-GCM-SHA384、AES128-SHA256,AES256-SHA256、ECDHE-ECDSA-AES128-SHA、ECDHE-ECDSA-AES256-SHA、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA、AES128-SHA、AES256-SHA、DES-CBC3-SHA
    tls_cipher_policy_1_2_strict TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256、ECDHE-ECDSA-AES256-GCM-SHA384、ECDHE-ECDSA-AES128-SHA256、ECDHE-ECDSA-AES256-SHA384、ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、ECDHE-ECDSA-AES128-SHA、ECDHE-ECDSA-AES256-SHA、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA
    tls_cipher_policy_1_2_strict_with_1_3 TLSv1.2及TLSv1.3 TLS_AES_128_GCM_SHA256、TLS_AES_256_GCM_SHA384、TLS_CHACHA20_POLY1305_SHA256、TLS_AES_128_CCM_SHA256、TLS_AES_128_CCM_8_SHA256、ECDHE-ECDSA-AES128-GCM-SHA256、ECDHE-ECDSA-AES256-GCM-SHA384、ECDHE-ECDSA-AES128-SHA256、ECDHE-ECDSA-AES256-SHA384、ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、ECDHE-ECDSA-AES128-SHA、ECDHE-ECDSA-AES256-SHA、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA

    TLS安全策略支持的加密算法套件

    安全策略 tls_cipher_policy_1_0 tls_cipher_policy_1_1 tls_cipher_policy_1_2 tls_cipher_policy_1_2_strict tls_cipher_policy_1_2_strict_with_1_3
    TLS 1.2、1.1及1.0 1.1及1.2 1.2 1.2 1.2及1.3
    CIPHER ECDHE-RSA-AES128-GCM-SHA256
    ECDHE-RSA-AES256-GCM-SHA384
    ECDHE-RSA-AES128-SHA256
    ECDHE-RSA-AES256-SHA384
    AES128-GCM-SHA256 - -
    AES256-GCM-SHA384 - -
    AES128-SHA256 - -
    AES256-SHA256 - -
    ECDHE-RSA-AES128-SHA
    ECDHE-RSA-AES256-SHA
    AES128-SHA - -
    AES256-SHA - -
    DES-CBC3-SHA - -
    TLS_AES_128_GCM_SHA256 - - - -
    TLS_AES_256_GCM_SHA384 - - - -
    TLS_CHACHA20_POLY1305_SHA256 - - - -
    TLS_AES_128_CCM_SHA256 - - - -
    TLS_AES_128_CCM_8_SHA256 - - - -
    ECDHE-ECDSA-AES128-GCM-SHA256 - - - -
    ECDHE-ECDSA-AES256-GCM-SHA384 - - - -
    ECDHE-ECDSA-AES128-SHA256 - - - -
    ECDHE-ECDSA-AES256-SHA384 - - - -
    ECDHE-ECDSA-AES128-SHA - - - -
    ECDHE-ECDSA-AES256-SHA - - - -

    上表中的✔表示支持,-表示不支持。
  • 相关阅读:
    删除了原有的offset之后再次启动会报错park Streaming from Kafka has error numRecords must not ...
    sparkStreaming消费kafka-1.0.1方式:direct方式(存储offset到Hbase)
    sparkStreaming消费kafka-1.0.1方式:direct方式(存储offset到zookeeper)
    进程的管理(五)-进程的实现
    进程管理(四)-进程的状态以及转换
    进程管理(三)-进程的层次
    numpy库的认识以及数组的创建
    进程管理(二)-进程的终止
    进程管理(一)-进程的概念以及进程的创建
    python爬取b站排行榜
  • 原文地址:https://www.cnblogs.com/sanduzxcvbnm/p/16173529.html
Copyright © 2020-2023  润新知