当ssl_reject_handshake 设置为 on 时,Nginx 服务器会在检测到 SSL/TLS 握手请求不符合其配置要求(如客户端使用的协议版本、加密算法等不被服务器支持)时,立即拒绝该握手请求,并关闭连接。这有助于增强服务器的安全性,因为它可以防止服务器尝试与配置不兼容或不安全的客户端建立连接。
Nginx 1.19.4 introduced a new feature called "ssl_reject_handshake" which can be used to block unwanted SSL handshakes. I noticed that, when enabled, it effectively turns off TLSv1.3. I opened the following ticket: https://trac.nginx.org...