diff options
| author |   jinquanni <ni.jinquan@zte.com.cn> | 2022-03-22 19:36:42 +0800 |
|---|---|---|
| committer | jinquanni <ni.jinquan@zte.com.cn> | 2022-03-22 19:36:42 +0800 |
| commit | 531d317f6219396e7cbe189ea2a6faea7c7a14c5 (patch) | |
| tree | 73e3428b8a0a12f3dc6b339d8bf69aec2484218d | |
| parent | 3bbfc6630e9456c013250fb39f6682894f1ab148 (diff) | |
[MSB]Support TLSv1.3
Nginx should user server ciphers for security
Nginx requests per keepalive connection is too small
Issue-ID: MSB-661
Signed-off-by: jinquanni <ni.jinquan@zte.com.cn>
Change-Id: Iec6f3d61e12a4a79e9a9d3301e694cdcf4a73d44
3 files changed, 3 insertions, 3 deletions
diff --git a/openresty-ext/src/assembly/resources/openresty/nginx/conf/nginx.conf b/openresty-ext/src/assembly/resources/openresty/nginx/conf/nginx.conf index a340aa8..45bd850 100644 --- a/openresty-ext/src/assembly/resources/openresty/nginx/conf/nginx.conf +++ b/openresty-ext/src/assembly/resources/openresty/nginx/conf/nginx.conf @@ -50,7 +50,7 @@ http { server_tokens off; keepalive_timeout 120s; - keepalive_requests 200; + keepalive_requests 2000; types_hash_max_size 2048; #open_file_cache max=200000 inactive=300s; diff --git a/openresty-ext/src/assembly/resources/openresty/nginx/msb-enabled/msb.conf b/openresty-ext/src/assembly/resources/openresty/nginx/msb-enabled/msb.conf index 8ed1077..0395fc6 100644 --- a/openresty-ext/src/assembly/resources/openresty/nginx/msb-enabled/msb.conf +++ b/openresty-ext/src/assembly/resources/openresty/nginx/msb-enabled/msb.conf @@ -17,7 +17,7 @@ #the maximum allowed size of the client request body,current 10G client_max_body_size 10240m; client_body_buffer_size 128k; - +ssl_prefer_server_ciphers on; #set conf for proxy pass proxy_connect_timeout 5s; proxy_read_timeout 1200s; diff --git a/openresty-ext/src/assembly/resources/openresty/nginx/msb-enabled/msbhttps.conf b/openresty-ext/src/assembly/resources/openresty/nginx/msb-enabled/msbhttps.conf index 6ca846c..d474cbe 100644 --- a/openresty-ext/src/assembly/resources/openresty/nginx/msb-enabled/msbhttps.conf +++ b/openresty-ext/src/assembly/resources/openresty/nginx/msb-enabled/msbhttps.conf @@ -17,7 +17,7 @@ server { listen 443 ssl; ssl_certificate ../ssl/cert/cert.crt; ssl_certificate_key ../ssl/cert/cert.key; - ssl_protocols TLSv1.1 TLSv1.2; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_dhparam ../ssl/dh-pubkey/dhparams.pem; include ../msb-enabled/location-default/msblocations.conf; # Add below settings for making SDC to work |