2022年都快过完了还有人做假证书防止IP泄漏的？？？

Nginx从2020年发布的1.19.4版本开始就内置了更好的方式啊,

Syntax:        ssl_reject_handshake on | off;
Default:        ssl_reject_handshake off;
Context:        http, server
This directive appeared in version 1.19.4.

If enabled, SSL handshakes in the server block will be rejected.

For example, in the following configuration, SSL handshakes with server names other than example.com are rejected:

server {
    listen               443 ssl default_server;
    ssl_reject_handshake on;
}

server {
    listen              443 ssl;
    server_name         example.com;
    ssl_certificate     example.com.crt;
    ssl_certificate_key example.com.key;
}

443端口配俩server,  在default_server那个server里面别写server_name, 然后加上ssl_reject_handshake on;
这样如果请求是按IP过来的或者是不认识的伪造域名, Nginx就会拒绝接受连接

会返回什么错误码吗？

➜  curl -v https://a.b.c.d
*   Trying a.b.c.d:443…
* Connected to a.b.c.d (a.b.c.d) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, unrecognized name (624):
* error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name
* Closing connection 0
curl: (35) error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name

TLS握手不成功, 肯定是不会有HTTP状态码返回的, 码不码的不重要, 因为这些都是"恶意请求",

Chrome浏览器会显示 "无法访问此网站" , "ERR_SSL_UNRECOGNIZED_NAME_ALERT"错误