Score:0

Nginx TLS setting conflict


I want the SSL on my Nginx default website to support only TLSv1.1, so that browsers show "unsupported encryption protocol" and others are prevented from directly accessing my source IP. But if I set the default website's configuration file to support only TLSv1.1, the other sites also stop supporting TLSv1.2 and TLSv1.3, which confuses me. Any ideas?

Score:0

1: Prevent leaking certificate-related fingerprint information by using ssl_reject_handshake on; on the default_server to reject the SSL handshake. This requires nginx >= 1.19.4. (If enabled, SSL handshakes in the server block will be rejected.)

2: If your nginx version does not support "method 1", then you can use a self-signed certificate to prevent the certificate from leaking the relevant fingerprint information.

By the way: you can return the non-standard code 444, which closes the connection without sending a response header.

Sorry, English is not my native language, hope you can understand :)

nightisovered
Sorry, I tried. "Method 2" is what I am currently using, but the point is I don't want anyone to see any kind of cert if they access "https://IP:443". If I apply "method 1" to the default site, all other sites will still be affected. And I tried "non-standard response codes" too; the certificate of the server can still be seen... (The cert is the one I applied to the default site.)
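A configuration sketch for "method 1" from the answer above, added here as an illustration and not taken from either poster's server. The hostname example.com and the certificate paths are placeholders; per the nginx documentation for ssl_reject_handshake, handshakes whose SNI matches a named server are served by that server, and everything else (no SNI, bare IP, unknown name) is rejected before any certificate is sent.

```nginx
# Catch-all for HTTPS: selected when the client sends no SNI or a name
# that matches no other server_name on this socket.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    # nginx >= 1.19.4: abort the TLS handshake in this block.
    # No ssl_certificate is configured here, so nothing can be presented.
    ssl_reject_handshake on;
}

# Catch-all for plain HTTP: close the connection without a response.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}

# A real site (placeholder name and paths). It is reached only when the
# client's SNI is example.com, and keeps its own certificate and protocols.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/certs/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/certs/example.com.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    root /var/www/example.com;                              # placeholder path
}
```

Run nginx -t before reloading to confirm the running version accepts ssl_reject_handshake.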