TLS 1.0 已過時。啟用 TLS 1.2 或更高版本。nginx

/etc/nginx/sites-enabled/example_com我在域下有以下 nginx 配置example.com：

server {

   server_name example.com;

   location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass         "http://127.0.0.1:3010";
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header X-Request-Port '80';
        proxy_cache_bypass $http_upgrade;
    }

   listen [::]:443 ssl ipv6only=on; # managed by Certbot
   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
  
   ssl_protocols TLSv1.2;
}server {
   if ($host = example.com) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


   listen 80;
   listen [::]:80;

   server_name example.com;
   return 404; # managed by Certbot
}

當我點擊example.comChrome 時，我在安全選項卡中收到以下消息：

This page is not secure (broken HTTPS).
Certificate - missing
This site is missing a valid, trusted certificate (net::ERR_SSL_OBSOLETE_VERSION).

Connection - obsolete connection settings
The connection to this site is encrypted and authenticated using TLS 1.0, ECDHE_RSA with P-256, and AES_256_CBC with HMAC-SHA1.
TLS 1.0 is obsolete. Enable TLS 1.2 or later.
AES_256_CBC is obsolete. Enable an AES-GCM-based cipher suite.

我已經做過的：

• nginx -t

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

• sudo service nginx restart和sudo service nginx reload`
• 已檢查/var/log/nginx/error.log-> 在訪問域時也沒有錯誤
• 域指向正確的伺服器 IP 地址。事實上，如果我禁用 SSL，它會按預期工作

知道為什麼它告訴我我只TLSv1.2啟用了 TLSv1 嗎？

編輯：

出nginx -T：

http {

   ##
   # Basic Settings
   ##

   sendfile on;
   tcp_nopush on;
   tcp_nodelay on;
   keepalive_timeout 65;
   types_hash_max_size 2048;
   # server_tokens off;

   # server_names_hash_bucket_size 64;
   # server_name_in_redirect off;

   include /etc/nginx/mime.types;
   default_type application/octet-stream;

   ##
   # SSL Settings
   ##

   ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
   ssl_prefer_server_ciphers on;

   ##
   # Logging Settings
   ##

   access_log /var/log/nginx/access.log;
   error_log /var/log/nginx/error.log;

   ##
   # Gzip Settings
   ##

   gzip on;
   gzip_disable "msie6";

   # gzip_vary on;
   # gzip_proxied any;
   # gzip_comp_level 6;
   # gzip_buffers 16 8k;
   # gzip_http_version 1.1;
   # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

   ##
   # Virtual Host Configs
   ##

   include /etc/nginx/conf.d/*.conf;
   include /etc/nginx/sites-enabled/*;
}

# configuration file /etc/nginx/sites-enabled/example_com:
server {

   server_name example.com;

   location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass         "http://127.0.0.1:3010";
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header X-Request-Port '80';
        proxy_cache_bypass $http_upgrade;
    }

   listen [::]:443 ssl ipv6only=on; # managed by Certbot
   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

   ssl_protocols TLSv1.2;
}server {
   if ($host = example.com) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


   listen 80;
   listen [::]:80;

   server_name example.com
   return 404; # managed by Certbot
}

編輯 2：我已經更新了 nginx 的 HTTP 部分，ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE但我仍然遇到同樣的問題。

編輯 3（新配置）：

# configuration file /etc/nginx/sites-enabled/example_com:
server {

   server_name example.com;

   location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass         "http://127.0.0.1:3010";
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header X-Request-Port '80';
        proxy_cache_bypass $http_upgrade;
    }

   listen [::]:443 ssl ipv6only=on; # managed by Certbot
   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
   ssl_session_cache shared:SSL:1m; 
   ssl_session_timeout 10m;
   ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
     ssl_protocols TLSv1.2;
     ssl_dhparam /home/ubuntu/dhparams.pem;
}server {
   if ($host = example.com) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


   listen 80;
   listen [::]:80;

   server_name example.com;
   return 404; # managed by Certbot


}

附加資訊：OpenSSL 版本：OpenSSL 1.0.2g 2016 年 3 月 1 日

今天突然間它就起作用了。我沒有改變任何東西。也許是一個記憶體問題。我不確定，因為我已經多次清除瀏覽器記憶體並嘗試使用隱身模式和 firefox。我想這個問題的解決方案是仔細檢查 nginx 配置的“HTTP”部分以避免不必要的覆蓋。

引用自：https://serverfault.com/questions/1044426