即使我有密钥和证书，nginx也不支持加密协议

Question

这很好用，但由于某种原因，它开始不起作用。我有一个777文件夹中的ssl文件。这是我的nginx conf：

$("[id*=recdevgvDDListServiceNameInsert] option[value*='cell']").show();

以下是我网站上的密码扫描日志：

     keepalive_timeout 70;

     ssl_certificate     /path/to/crt;
     ssl_certificate_key /path/to/key;  #these are both correct
     #the rest of this file is shown as it is

     ssl_session_timeout 1d;
     ssl_session_cache shared:SSL:50m;

     #ssl_dhparam /path/to/dhparam.pem;

     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     #I had 'modern' (no TLSv1). Tried to add it to see if it would fix but it didn't
     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256$
     ssl_prefer_server_ciphers on;

     add_header Strict-Transport-Security max-age=15768000;

     ssl_stapling on;
     ssl_stapling_verify on;

     ## verify chain of trust of OCSP response using Root CA and Intermedia$
     #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

     #resolver <IP DNS resolver>;

当我执行Certificate: untrusted, bits, signature TLS ticket lifetime hint: OCSP stapling: not supported Cipher ordering: server Curves ordering: none - fallback: no Renegotiation test error Supported compression methods test error TLS Tolerance: no Fallbacks required: big-SSLv3 config not supported, connection failed big-TLSv1.0 config not supported, connection failed big-TLSv1.1 config not supported, connection failed big-TLSv1.2 config not supported, connection failed small-SSLv3 config not supported, connection failed small-TLSv1.0 config not supported, connection failed small-TLSv1.0-notlsext config not supported, connection failed small-TLSv1.1 config not supported, connection failed small-TLSv1.2 config not supported, connection failed v2-big-TLSv1.2 config not supported, connection failed v2-small-SSLv3 config not supported, connection failed v2-small-TLSv1.0 config not supported, connection failed v2-small-TLSv1.1 config not supported, connection failed v2-small-TLSv1.2 config not supported, connection failed 时，不会引用任何错误，并且它会以应有的方式启动。有没有人知道可能发生的事情？非常感谢你的帮助

当通过Firefox访问时，我得到＆＃34;安全连接失败＆＃34;当通过chrome访问时，我得到＆＃34; SSL连接错误：ERR_SSL_PROTOCOL_ERROR＆＃34;。 这可能是由于名称服务器造成的吗？我最近尝试启用cloudflare，因此我怀疑流量是否被严重操纵。

Answer 1

 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256$

这是您在此处尝试使用的一组非常严格的密码。这些都是仅支持TLS 1.2的GCM密码 - 这意味着您接受TLS 1.0和TLS 1.1流量的选项是无用的。并且可能所有浏览器都不支持这些密码。有关推荐的配置，请参阅https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29。

除此之外，您显示的语法是错误的，即该行不应以$而是以';结尾。但这可能只是你问题上的错字。