Requirements a server must meet for ATS (App Transport Security)
The server must support TLS v1.2 with PFS (Perfect Forward Secrecy) via ECDHE.
Server operating system and software versions required (with TLS 1.2 support):
Windows Server 2008 R2 with IIS 7 or later
CentOS 6+ with OpenSSL 1.0.1c+
Apache 2.4+
Nginx 1.0.6+
JDK 1.7 with Tomcat 7.0.56+
1. TLS 1.2: upgrade according to the version requirements above.
2. ECDHE: configure it in Apache or Nginx (see the settings below).
3. Linux: use the newest operating system version you can.
Connections must use AES-128 or AES-256 encryption and must support PFS (Perfect Forward Secrecy) via ECDHE. Apple recommends the following cipher suites:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Apache settings (the server version requirements above must be met):
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCompression off
SSLSessionTickets Off
Nginx settings (the server version requirements above must be met):
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
Lighttpd settings (OpenSSL must meet the requirements above):
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
ssl.use-compression = "disable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
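The following is an added example, not part of the original page, for checking a scan of a server's TLS offering against the three rules above (TLS 1.2 at minimum, ECDHE key exchange, AES-128 or AES-256). The scan input is constructed; in practice it would come from a TLS scanner or an openssl s_client session. It also flags the DHE suites that the EDH entries in the cipher strings above enable, which provide forward secrecy but are not in Apple's ECDHE list.

```python
"""Offline audit of a server's TLS offering against the ATS rules on this page.
Added example, not from the original page; the scan input below is constructed."""
import re

# The eleven suites Apple recommends, exactly as listed on this page.
APPLE_RECOMMENDED = frozenset({
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
})

def protocol_ok(version: str) -> bool:
    """ATS needs TLS 1.2 at minimum; SSLv3, TLS 1.0 and TLS 1.1 fail."""
    m = re.match(r"^TLSv(\d+)\.(\d+)$", version)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= (1, 2)

def suite_problem(suite: str):
    """Why an IANA suite name violates the ATS rules, or None if it passes."""
    if "_WITH_" not in suite:
        return "unrecognised suite name"
    key_exchange, bulk = suite.split("_WITH_", 1)
    if not key_exchange.startswith("TLS_ECDHE_"):  # PFS must come from ECDHE
        return "no ECDHE key exchange (no forward secrecy)"
    if not bulk.startswith(("AES_128_", "AES_256_")):  # GCM or CBC, per list
        return "bulk cipher is not AES-128/AES-256"
    return None

def audit(version: str, offered: list) -> dict:
    """Summarise a scan: protocol verdict plus accepted/rejected suites."""
    rejected = {s: suite_problem(s) for s in offered if suite_problem(s)}
    accepted = [s for s in offered if s not in rejected]
    ok = protocol_ok(version)
    return {"protocol_ok": ok, "accepted": accepted, "rejected": rejected,
            "ats_ready": ok and bool(accepted)}

# Constructed scan of a hypothetical server, not a real host.
SAMPLE_SCAN = ("TLSv1.2", [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",  # EDH gives PFS but is not ECDHE
    "TLS_RSA_WITH_AES_128_CBC_SHA",         # static RSA: no forward secrecy
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",       # ECDHE but RC4, not AES
])
```

A server is ATS-ready only when the protocol check passes and at least one offered suite survives; here only the first suite in the sample does.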
Apple official documentation:
https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html