分类 Web科技 下的文章
Security/Server Side TLS | wiki 备份
Recommended configurations
Mozilla maintains three recommended configurations for servers using TLS. Pick the correct configuration depending on your audience:
- Modern: Modern clients that support TLS 1.3, with no need for
backwards compatibility - Intermediate: Recommended configuration for a general-purpose server
- Old: Services accessed by very old clients or libraries, such as
Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8
| Configuration | Firefox | Android | Chrome | Edge | Internet Explorer | Java | OpenSSL | Opera | Safari |
|---|---|---|---|---|---|---|---|---|---|
| Modern | 63 | 10.0 | 70 | 75 | -- | 11 | 1.1.1 | 57 | 12.1 |
| Intermediate | 27 | 4.4.2 | 31 | 12 | 11 (Win7) | 8u31 | 1.0.1 | 20 | 9 |
| Old | 1 | 2.3 | 1 | 12 | 8 (WinXP) | 6 | 0.9.8 | 5 | 1 |
The ordering of cipher suites in the Intermediate and Old configurations is very important, as it determines the priority with which algorithms are selected.
OpenSSL will ignore cipher suites it doesn't understand, so always use the full set of cipher suites below, in their recommended order. The use of the Old configuration with modern versions of OpenSSL may require custom builds with support for deprecated ciphers.
Windows下IIS安装SSL证书并自动续期
最近Let’s Encrypt申请的证书过期了,Let’s Encrypt带自动续费但网上的都是Linux系统配置自动续费,然后不久前letsencrypt-win-simple更新为win-acme之后就可以开启自动续费。便开始鼓捣win-acme
1.使用win-acme安装SSL
github.com/PKISharp/win-acme