Kendrick Asked: 2024-03-19 13:10:21 +0800 CST

Can Nginx convert TLS 1.0 to 1.3 for clients that are not compatible with TLS 1.3?

My old devices do not support TLS, or only support TLS 1.0. Can Nginx translate between these incompatible devices, which use only HTTP or TLS 1.0, and an endpoint that uses TLS 1.3?

nginx

1 Answer

Best Answer djdomi 2024-03-28T16:30:03+08:00

Short and dirty answer:

Yes, it can, but you should retire these old devices. Nginx does not care about what lies beyond it, even whether it is a valid or invalid SSL certificate in the default configuration.

Config example:

```nginx
server {
    server_name tld.domain.it;
    access_log /var/log/nginx/tld.domain.it.access.log;
    error_log /var/log/nginx/tld.domain.it.error.log;
    listen [::]:443 ssl;
    listen 443 ssl;

    # Useful for the old site
    proxy_no_cache 1;
    proxy_cache_bypass 1;

    # For really old broken stuff, force IE emulation mode (may help)
    #add_header 'X-UA-Compatible' 'IE=EmulateIE7';

    # Force TLSv1 (proxy_ssl_protocols applies to the nginx-to-upstream connection)
    #proxy_ssl_protocols TLSv1;

    # I prefer to log rewrites as well
    rewrite_log on;

    # proxy_pass is only valid inside a location block
    location / {
        proxy_pass https://127.0.0.1:12345;
        proxy_set_header Host $http_host;
    }

    ssl_certificate /etc/letsencrypt/live/example.it/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.it/privkey.pem;
}
```
References

https://docs.nginx.com/nginx/admin-guide/security-controls/secure-http-traffic-upstream/
https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
https://nginx.org/en/docs/http/ngx_http_proxy_module.html
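
Added example, not part of djdomi's answer: a configuration for the direction the question asks about, where legacy devices reach nginx over HTTP or TLS 1.0 and nginx re-encrypts to a TLS 1.3 endpoint with upstream certificate verification switched on (it is off by default, which is the behaviour the answer describes). The host names, subnet, certificate paths and the OpenSSL 3.x build are assumptions.

```nginx
# Added example. Names, addresses and paths below are placeholders (assumptions).
server {
    # Legacy-facing side: plain HTTP and TLS 1.0 for the old devices.
    listen 80;
    listen 443 ssl;
    server_name legacy.example.internal;             # hypothetical name

    # Weak listener: only reachable from the legacy device subnet.
    allow 192.0.2.0/24;                               # constructed subnet
    deny all;

    ssl_certificate     /etc/nginx/tls/legacy.crt;    # hypothetical paths
    ssl_certificate_key /etc/nginx/tls/legacy.key;

    # Accept TLS 1.0 from the devices; newer clients still get 1.2/1.3.
    ssl_protocols TLSv1 TLSv1.2 TLSv1.3;
    # Assumption: nginx is linked against OpenSSL 3.x, where TLS 1.0
    # is only negotiated at security level 0.
    ssl_ciphers "DEFAULT:@SECLEVEL=0";

    location / {
        proxy_pass https://backend.example.internal;  # hypothetical TLS 1.3 endpoint
        proxy_set_header Host backend.example.internal;

        # Upstream side: TLS 1.3 only.
        proxy_ssl_protocols TLSv1.3;
        proxy_ssl_server_name on;                     # send SNI to the endpoint

        # Off by default: without these nginx accepts any upstream certificate.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/upstream-ca.pem;
    }
}
```

Run `nginx -t` to check the syntax before reloading. Adding `$ssl_protocol` to a `log_format` shows in the access log which protocol version each device actually negotiated.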