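When the ACK cluster for the UAT environment was deployed, Alibaba Cloud's built-in ingress was not selected; it was installed later through the console.

As a result, the ingress supported only TLS 1.2. During a test, a developer found that a Java call to an HTTPS domain reported the following error. Expert blogs and the Alibaba Cloud official site describe similar problems.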

Edit the ACK ingress configuration. After the edit, it reloads automatically and takes effect.

kubectl -n kube-system edit cm nginx-configuration

To support TLS 1.0 and 1.2, you must add @SECLEVEL=0:

  ssl-ciphers: "@SECLEVEL=0 ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
  ssl-protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3" 
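
To see what these two keys now allow, the following added example (not part of the original post or of Alibaba Cloud's documentation) reports the legacy protocols, the pinned OpenSSL security level, and the suites without forward secrecy. The function names are illustrative and the sample values are constructed from the settings above.

```sh
#!/bin/sh
# Added example: audit the two nginx-configuration keys edited above.
# Assumes explicit suite names in ssl-ciphers, as on this page. Live values:
#   kubectl -n kube-system get cm nginx-configuration -o jsonpath='{.data.ssl-protocols}'
#   kubectl -n kube-system get cm nginx-configuration -o jsonpath='{.data.ssl-ciphers}'

# Protocols in an ssl-protocols value that predate TLS 1.2.
legacy_protocols() (
  set -f; out=""
  for p in $1; do
    case "$p" in SSLv2|SSLv3|TLSv1|TLSv1.1) out="${out:+$out }$p" ;; esac
  done
  printf '%s\n' "$out"
)

# OpenSSL security level pinned in an ssl-ciphers value, or "default" if none.
cipher_seclevel() (
  set -f; level=default
  for t in $(printf '%s' "$1" | tr ':' ' '); do
    case "$t" in @SECLEVEL=*) level=${t#@SECLEVEL=} ;; esac
  done
  printf '%s\n' "$level"
)

# Suites without forward secrecy (static RSA key exchange, including 3DES here).
no_fs_ciphers() (
  set -f; out=""
  for t in $(printf '%s' "$1" | tr ':' ' '); do
    case "$t" in @*|ECDHE-*|DHE-*|TLS_*) ;; *) out="${out:+$out }$t" ;; esac
  done
  printf '%s\n' "$out"
)

# Handshake probe per protocol version; needs network, so it is defined but not called.
# The client must also drop to SECLEVEL 0 or a modern OpenSSL refuses TLS 1.0/1.1 itself.
probe_tls() {
  for v in tls1 tls1_1 tls1_2 tls1_3; do
    if openssl s_client -connect "$1:443" -servername "$1" "-$v" \
        -cipher 'DEFAULT:@SECLEVEL=0' </dev/null >/dev/null 2>&1
    then echo "$v accepted"; else echo "$v refused"; fi
  done
}

# Constructed sample: ssl-protocols as on this page, ssl-ciphers shortened from it.
PROTOCOLS="TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
CIPHERS="@SECLEVEL=0 ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA:DES-CBC3-SHA"
echo "legacy protocols  : $(legacy_protocols "$PROTOCOLS")"
echo "cipher SECLEVEL   : $(cipher_seclevel "$CIPHERS")"
echo "no forward secrecy: $(no_fs_ciphers "$CIPHERS")"
```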

Alibaba Cloud official documentation:

https://help.aliyun.com/zh/ack/ack-managed-and-ack-dedicated/user-guide/nginx-ingress-faq
