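The SSL server options deployed yesterday were outdated and were rated F by ssllabs. The nginx options have now been changed uniformly as follows, and the rating is A.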
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
https://www.ssllabs.com/ssltest/analyze.html?d=lug.ustc.edu.cn
https://www.ssllabs.com/ssltest/analyze.html?d=blog.ustc.edu.cn