Do some of our netizens find that the websites that have been used and are running normally also have SSL certificates configured for HTTPS encrypted access. But sometimes browser compatibility is not very good, mainly because compatibility needs to be supported at present SSL TLS1.3 protocol , while the TLS 1.2 protocol was basically used previously. Starting from TLS 1.3, some insecure encryption algorithms are deleted. In this article, we organize the tutorial on how to configure TLS1.3 support in the regular pagoda panel.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:! MD5;
We check the SSL configuration of the current site.
If we used to configure the old pagoda panel, we can see that there is no TLS1.3 protocol. If we see that there is already TLS1.3 protocol, we should not modify it.
Similarly, if we do not use the panel and use other one click LNMP environment, it is also similar. However, Lao Zuo suggested that as time goes by, the WEB environment is relatively old or the software is relatively old. In fact, we recommend reformatting or optimizing the system within a year or so, just like cleaning at home, we also need to slightly optimize the server.