Enabling DHE cipher on nginx (for IE 11 compatibility)

Note: The content in this article is likely deprecated. Please refer to https://ssl-config.mozilla.org for the latest SSL best practice.

# generated 2020-10-27, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.0.2k, intermediate configuration, no HSTS, no OCSP
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.0.2k&hsts=false&ocsp=false&guideline=5.6

ssl_dhparam /path/to/dhparam;

# intermediate configuration
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

To add support for IE 11 on Windows 7 / 8.1, add the following ciphers to the ssl_ciphers list:

ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384

Realized that dhparam is a must for nginx to enable DHE ciphers, oopsie…
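A check for the mistake described above, as an added example that is not part of the original post: it lists the DHE suites in ssl_ciphers that nginx (1.11.0 and later) will not offer because no ssl_dhparam is set, and appends the IE 11 suites without duplicating them. The function names and the sample config are assumptions made for illustration; the text is treated as a single configuration context, so include files and per-server inheritance are not followed.

```python
import re

# Suites the article adds for IE 11 on Windows 7 / 8.1.
IE11_CIPHERS = "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384"
# Constructed sample: part of the article's cipher list, ssl_dhparam left out.
SAMPLE = """ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
"""

def directives(conf):
    """Map directive name -> list of argument strings, with # comments stripped."""
    found = {}
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        parts = stmt.split(None, 1)
        if len(parts) == 2:
            found.setdefault(parts[0], []).append(parts[1].strip())
    return found

def is_dhe(cipher):
    """True for finite-field DHE suites or keywords; ECDHE names do not match."""
    name = cipher.lstrip("+")
    return name.startswith(("DHE-", "EDH-")) or name in ("DHE", "EDH", "kDHE", "kEDH")

def inert_dhe_ciphers(conf):
    """DHE entries in ssl_ciphers that cannot be negotiated: no ssl_dhparam is set."""
    d = directives(conf)
    if d.get("ssl_dhparam"):
        return []
    return [c for value in d.get("ssl_ciphers", [])
            for c in re.split(r"[:, ]+", value.strip("'\""))
            if c and c[0] not in "!-" and is_dhe(c)]

def append_ciphers(conf, extra):
    """Append extra suites to every ssl_ciphers list, skipping duplicates."""
    def repl(m):
        current = m.group(2).split(":")
        merged = current + [c for c in extra.split(":") if c not in current]
        return m.group(1) + ":".join(merged) + ";"
    return re.sub(r"(ssl_ciphers\s+)([^;]+);", repl, conf)

if __name__ == "__main__":
    print("DHE ciphers nginx will not offer:", inert_dhe_ciphers(SAMPLE))
    print(append_ciphers(SAMPLE, IE11_CIPHERS))
```

An empty result from inert_dhe_ciphers means either ssl_dhparam is present or the list contains no DHE suites; it does not confirm that the dhparam file exists or is readable.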
