@Pista

Почему возникает ошибка 525 SSL handshake failed при ssl_session_tickets off;?

Сгенерировал конфиг Nginx под SSL
https://ssl-config.mozilla.org/#server=nginx&versi...

Однако если параметр ssl_session_tickets выключен (off; Mozilla рекомендует его выключать), то возникает ошибка 525 SSL handshake failed.

firefox_ucbDz9qmFw.png

Почему так происходит? Использую Cloudflare, в настройках SSL стоит режим FULL.

chrome_B0wOcMMrnC.png

Полная версия конфига

# Plain-HTTP listener: every request arriving on port 80 is answered with a
# permanent redirect to the same host and URI over HTTPS.
# NOTE(review): no server_name is set and $host is derived from the request,
# so the redirect target follows whatever host name the client sent.
server
{
    listen 80;
    return 301 https://$host$request_uri;
}
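server
{
  # HTTPS virtual host for domain.ru. Per the question, the site sits behind
  # Cloudflare in SSL mode "Full", so the 525 error is Cloudflare reporting
  # that its own TLS handshake to this origin failed.
  listen 443 ssl http2;

  server_name domain.ru;

  # NOTE(review): the private key lives under /var/www, next to the web roots
  # used below. It is not inside a served root in this block, but keeping key
  # material outside any web tree and readable only by root avoids exposing
  # it through a later root/alias change.
  ssl_certificate /var/www/ssl/cert.pem;
  ssl_certificate_key /var/www/ssl/privkey.pem;
  ssl_dhparam /var/www/ssl/dhparam.pem;

  # intermediate configuration

  # Author's observation: switching this to "off" produces the 525 error.
  # Mozilla's generator recommends "off"; the usual reason is that session
  # ticket keys which are never rotated weaken forward secrecy for resumed
  # TLS 1.2 sessions.
  # NOTE(review): the cause of the failure with "off" cannot be determined
  # from this block alone. Presumably the ssl_session_* settings here differ
  # from those of the default server on the same 443 socket; compare them
  # with the other server blocks and read the error log (see below). TODO confirm.
  ssl_session_tickets on;
  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;  # about 40000 session

  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;

  # HSTS (ngx_http_headers_module is required) (63072000 seconds)
  add_header Strict-Transport-Security "max-age=63072000" always;

  # OCSP stapling
  # NOTE(review): neither "resolver" nor "ssl_trusted_certificate" appears in
  # this block. Stapling with verification needs both unless they are set in
  # the enclosing http context; confirm there.
  ssl_stapling on;
  ssl_stapling_verify on;
  keepalive_timeout   70;

  root /var/www/html/domain.ru;

  # NOTE(review): both logs are discarded. With error_log sent to /dev/null
  # the reason nginx aborts a TLS handshake is never recorded, and no request
  # trail exists for incident response. Point error_log at a real file while
  # diagnosing the 525.
  access_log  /dev/null;
  error_log /dev/null;

  # Contents of this include are not shown on the page.
  include /root/nginx_user_locations.conf;

  # Hidden paths: answer 404 without logging the request.
  location /backup/
  {
    access_log off;
    log_not_found off;
    return 404;
  }

  location /wp-content/plugins/d
  {
    access_log off;
    log_not_found off;
    return 404;
  }

  location /wp-content/plugins/d/d.php
  {
    access_log off;
    log_not_found off;
    return 404;
  }

  # Deny any URI that contains a path segment starting with a dot
  # (.git, .env, .htaccess ...). This also matches /.well-known/.
  location ~ /\.
  {
    access_log off;
    log_not_found off;
    deny all;
  }

  location = /favicon.ico
  {
    root /var/www/html/domain.ru;
    expires max;
    access_log off;
    log_not_found off;
  }

  location = /robots.txt
  {
    try_files $uri $uri/ /index.php?$args;
    access_log off;
    log_not_found off;
  }

  # Static assets: far-future Expires header.
  location ~* \.(js|css|png|jpg|jpeg|gif|ico)$
  {
    expires max;
    log_not_found off;
  }

  # WordPress core is served from /var/www/wp.
  # NOTE(review): every .php file under /wp-includes/ is handed to PHP here;
  # WordPress hardening guidance commonly restricts direct requests to them.
  location ^~ /wp-includes/
  {
    root /var/www/wp;
    location ~ \.php$
    {
      fastcgi_pass php;
      include fastcgi.conf;
      include fastcgi_params;
    }
  }

  location = /wp-admin { rewrite ^(.+)$ /wp-admin/ permanent; }
  location ^~ /wp-admin/
  {
    root /var/www/wp;
    location ~ \.php$
    {
      fastcgi_pass php;
      include fastcgi.conf;
      include fastcgi_params;
      fastcgi_param DOCUMENT_ROOT /var/www/html/domain.ru;
    }
  }

  location = /
  {
    root /var/www/wp;
    fastcgi_pass php;
    include fastcgi.conf;
    include fastcgi_params;
    fastcgi_param DOCUMENT_ROOT /var/www/html/domain.ru;
  }

  location /
  {
    try_files $uri $uri/ /index.php?$args;
  }

  # PHP from the site root first; fall back to the shared WordPress tree.
  location ~ \.php$
  {
    try_files $uri $uri/ @php_wp;

    root /var/www/html/domain.ru;
    fastcgi_pass php;
    include fastcgi.conf;
    include fastcgi_params;
    fastcgi_param DOCUMENT_ROOT /var/www/html/domain.ru;
  }

  location @php_wp
  {
    # "=404" must be a single token. Written as "= 404", nginx treats "=" as
    # a file to test and "404" as the fallback URI instead of a status code.
    try_files $uri =404;

    root /var/www/wp;
    fastcgi_pass php;
    include fastcgi.conf;
    include fastcgi_params;
    fastcgi_param DOCUMENT_ROOT /var/www/html/domain.ru;
  }

}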