WDlinux官方论坛 - Powered by Discuz! Board

标题: [BUG反馈] 开启ssl服务没有支持TLS1.0 跟1.1 [打印本页]

作者: 294652958 时间: 2018-3-16 13:44 标题: 开启ssl服务没有支持TLS1.0 跟1.1

开启ssl服务后网站只支持TLS1.2 部分老版本的安卓设置只能使用TLS1.0 或者TLS1.1 导致部分安卓设置打不开网站请问在哪里配置TLS1.0 跟TLS1.1呢

作者: lele8060 时间: 2018-5-11 16:15

是多站点虚拟主机吗?
如果是虚拟主机的话,下面的方法或许会帮助到你.
我之前也遇到这个问题,困惑了半年终于解决了.

https://serverfault.com/questions/513961/how-to-disable-tls-1-1-1-2-in-apache

作者: lele8060 时间: 2018-5-11 16:15

First of all, you must identify what is the default vhost for port 443 in your server (the first SSL vhost loaded by Apache) and edit it's configuration file. Most users have an ssl.conf file in their servers, with a vhost for port 443 configured there. As the name of this file begins with "s", it will load before the vhosts configured in vhosts.conf (which begins with "v"). So, check if this is your case (the answer is "yes" for virtually everyone) and change the protocols in that file. That's enough!

作者: 乘风 时间: 2019-1-18 23:48

回复 2# lele8060

可以具体说一下你是怎么解决的吗？我试了几次还是不行

作者: 乘风 时间: 2019-1-19 10:36

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile conf/cert/x.star.com.crt
SSLCertificateKeyFile conf/cert/x.star.com.key
SSLCertificateChainFile conf/cert/bundle_x.star.com.crt

SSLProtocol TLSv1 TLSv1.1 TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4

#SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
#SSLProtocol all -SSLv2 -SSLv3
#SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
#SSLHonorCipherOrder on

欢迎光临 WDlinux官方论坛 (http://wdlinux.cn/bbs/)