<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">А у вас только один ssl хост?<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 28, 2017 at 12:59 PM, Максим Баштовой <span dir="ltr"><<a href="mailto:mail@sho0ter.com" target="_blank">mail@sho0ter.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><p>nginx 1.13.5-1<br>openssl 1.1.0f-5</p><p>ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;<br> ssl_certificate /etc/nginx/ssl/chained.crt;<br> ssl_certificate_key /etc/nginx/ssl/ssl.key;<br> ssl_dhparam /etc/nginx/ssl/dhparam.pem;<br> ssl_prefer_server_ciphers on;<br> ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:<wbr>RSA+3DES:!NULL:!RC4;<br> ssl_ecdh_curve prime256v1;<br> ssl_session_cache shared:SSL:10m;<br> ssl_session_tickets off;<br> ssl_stapling on;<br> ssl_stapling_verify on;<br> ssl_trusted_certificate /etc/nginx/ssl/ocsp.crt;<br> resolver 8.8.8.8 8.8.4.4 valid=300s;<br> resolver_timeout 5s;<br> add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";<br> #add_header X-Frame-Options SOMEORIGIN;<br> add_header X-Content-Type-Options nosniff;<br> add_header X-XSS-Protection "1; mode=block;";</p><p>SSL тест сообщает:</p><table class="m_-7356182935368050795reportTable m_-7356182935368050795mceItemTable" style="border-collapse:collapse;width:850px;margin:0px 10px 0px 0px;padding:0px;font-size:12px;line-height:20px;font-family:Arial,Helvetica,sans-serif;background-color:#fdfdfd"><thead><tr><td class="m_-7356182935368050795tableHead" style="color:#009ddf;font-weight:bold;padding-bottom:5px;vertical-align:middle;border-bottom:2px solid #c6d2d4;font-size:13px" colspan="2">Protocols</td></tr></thead><tbody><tr class="m_-7356182935368050795tableRow"><td class="m_-7356182935368050795tableLeft" style="padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">TLS 1.3</td><td class="m_-7356182935368050795tableRight" style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">No</td></tr><tr class="m_-7356182935368050795tableRow"><td class="m_-7356182935368050795tableLeft" style="padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle"><font color="green">TLS 1.2</font></td><td class="m_-7356182935368050795tableRight" style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle"><font color="green">Yes</font></td></tr><tr class="m_-7356182935368050795tableRow"><td class="m_-7356182935368050795tableLeft" style="padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">TLS 1.1</td><td class="m_-7356182935368050795tableRight" style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">No</td></tr><tr class="m_-7356182935368050795tableRow"><td class="m_-7356182935368050795tableLeft" style="padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">TLS 1.0</td><td class="m_-7356182935368050795tableRight" style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">No</td></tr><tr class="m_-7356182935368050795tableRow"><td class="m_-7356182935368050795tableLeft" style="padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">SSL 3</td><td class="m_-7356182935368050795tableRight" style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">No</td></tr><tr class="m_-7356182935368050795tableRow"><td class="m_-7356182935368050795tableLeft" style="padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">SSL 2</td><td class="m_-7356182935368050795tableRight" style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">No</td></tr></tbody></table><p><br></p><p>Старые браузеры, соотв., поотваливались</p><p>Подскажите, пожалуйста, как вернуть поддержку старых версий TLS?<br><br>С уважением,<br>Максим Баштовой<br><a href="http://www.sho0ter.com" target="_blank">www.sho0ter.com</a><br><a href="mailto:mail@sho0ter.com" target="_blank">mail@sho0ter.com</a></p></div>
<br>______________________________<wbr>_________________<br>
nginx-ru mailing list<br>
<a href="mailto:nginx-ru@nginx.org">nginx-ru@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-ru" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx-ru</a><br></blockquote></div><br></div>