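Fixing TLS 1.3 handshake failures when nginx cannot enable TLS 1.3 (OpenSSL 1.1.1h bug)
Fix: upgrade to 1.1.1k, or change the configuration.
With older OpenSSL versions, ssl_reject_handshake on; must be accompanied by a certificate.
Before (TLS 1.3 handshakes fail no matter what)
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    ssl_reject_handshake on;
}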
After (fixed by configuring any self-signed certificate)
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    ssl_certificate _/_.crt;
    ssl_certificate_key _/_.key;
    ssl_reject_handshake on;
}
Related tickets:
https://trac.nginx.org/nginx/ticket/2073
https://trac.nginx.org/nginx/ticket/2071
Update, April 19, 2022
Before (TLS 1.3 handshakes fail no matter what)
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    ssl_reject_handshake on;
}
After (fixed by pointing at a certificate that already ships with the system)
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    ssl_reject_handshake on;
    ssl_stapling off;
    ssl_certificate /usr/share/doc/perl-IO-Socket-SSL/certs/server-ecc-cert.pem;
    ssl_certificate_key /usr/share/doc/perl-IO-Socket-SSL/certs/server-ecc-key.pem;
}
If the certificate is not present:
dnf install perl-File-ShareDir
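
To find server blocks in the failing form shown above (ssl_reject_handshake on; with no ssl_certificate and ssl_certificate_key in the same block), the following check can be run over a configuration. It is an added example, not part of the original post or of nginx; the function names and the sample configuration are constructed for illustration, and certificates inherited from the http level are not considered.

```python
import re

# Constructed sample: first block is the failing form, second the fixed form.
SAMPLE_CONF = """
server {
    listen 443 ssl http2 default_server;
    ssl_reject_handshake on;
}
server {
    listen 8443 ssl default_server;
    ssl_certificate _/_.crt;
    ssl_certificate_key _/_.key;
    ssl_reject_handshake on;
}
"""

def server_blocks(conf):
    """Yield (line_number, body) for each server { ... } block."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (ignores quoted '#')
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf.count("\n", 0, m.start()) + 1, conf[m.end():i - 1]

def top_level_directives(body):
    """Map directive name -> arguments, skipping nested blocks such as location."""
    out, depth, cur = {}, 0, ""
    for ch in body:
        if ch in "{}":
            depth, cur = depth + (1 if ch == "{" else -1), ""
        elif ch == ";":
            if depth == 0 and cur.split():
                name, *args = cur.split()
                out[name] = args
            cur = ""
        else:
            cur += ch
    return out

def find_affected(conf):
    """Lines of server blocks that reject handshakes but set no certificate."""
    hits = []
    for line, body in server_blocks(conf):
        d = top_level_directives(body)
        if d.get("ssl_reject_handshake") == ["on"] and not (
                {"ssl_certificate", "ssl_certificate_key"} <= d.keys()):
            hits.append(line)
    return hits
```

Calling find_affected(SAMPLE_CONF) returns the starting line of each server block that would need either the certificate pair or the OpenSSL upgrade.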