Disable TLS 1.0 and TLS 1.1 on Nginx and Enable TLS 1.2 and TLS 1.3

SSL/TLS protocol settings may be specified in the primary Nginx configuration file (usually located at /etc/nginx/nginx.conf), or in your site configuration files. Look for a line beginning with ssl_protocols. For example, the following is from the default nginx.conf file from a fresh Nginx install on Ubuntu:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE

You can edit this line so that only current, secure versions of SSL/TLS are included:

ssl_protocols TLSv1.2 TLSv1.3;

Note that any settings in your default SSL configuration may be overridden by server blocks configuring individual domain names, so be sure to check for those if changes to your protocol settings are not reflected in your website.

Once you have made your configuration changes, reload Nginx to put them into effect. For more information, please refer to Nginx’s documentation on configuring HTTPS servers.

Published At
Tagged with