https://www.ssllabs.com/ssltest/analyze.html?d=cablework.co
我不明白为什么一直说“C”。 我禁用了SSLv3。
这是我的configuration文件
server { listen 80; listen 443 ssl spdy; server_name cablework.co; ssl_certificate /etc/nginx/ssl/cablework.co.pem; ssl_certificate_key /etc/nginx/ssl/server.key; return 301 https://www.cablework.co$request_uri; } server { listen 443 ssl spdy; ssl_certificate /etc/nginx/ssl/cablework.co.pem; ssl_certificate_key /etc/nginx/ssl/server.key; ssl_ciphers 'AES256+EECDH:AES256+EDH'; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache shared:SSL:10m; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.4.4 8.8.4.4 valid=300s; resolver_timeout 10s; ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/ssl/dhparam.pem; charset utf-8; location / { try_files $uri $uri/ /index.php?$query_string; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } access_log off; error_log /var/log/nginx/www.cablework.co-error.log error; error_page 404 /index.php; location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include fastcgi_params; } location ~ /\.ht { deny all; } add_header Strict-Transport-Security max-age=63072000; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; root /home/kryptonit3/cablework/public; index index.html index.htm index.php; server_name www.cablework.co; } 您忘记为名为cablework.co的server指定ssl_protocols和cablework.co 。 所以默认值 – 不pipe它们是什么 – 都被使用了。