ssl_protocols TLSv1.2 TLSv1.3
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
ServerAdmin admin@example.com
ServerName
ServerAlias example.com
#DocumentRoot /data/httpd/htdocs/example.com/
DocumentRoot /data/httpd/htdocs/example_hueman/
# Log file locations
LogLevel warn
ErrorLog /var/log/httpd/example.com/httpserror.log
CustomLog "|/usr/sbin/rotatelogs /var/log/httpd/example.com/httpsaccess.log.%Y-%m-%d 86400" combined
</VirtualHost>
最后,验证配置并重新加载Apache。
-------------- 在 Debian/Ubuntu 上--------------
# apache2 -t
# systemctl reload apache2.service
-------------- 在 RHEL/CentOS/Fedora 上--------------
# httpd -t
# systemctl reload httpd.service
验证站点是否正在使用TLS 1.3
通过Web服务器配置后,您可以使用Chrome 70+版本上的Chrome浏览器开发工具检查您的站点是否通过TLS 1.3协议进行握手。
验证域名上的TLS 1.3协议
就这样。 您已在Apache或Nginx Web服务器上托管的域上成功启用了TLS 1.3协议。 如果您对本文有任何疑问,请随时在下面的评论部分询问。
Linux公社的RSS地址:https://www.linuxidc.com/rssFeed.aspx