SSL 2.0 and SSL 3.0 have many known vulnerabilities, such as POODLE (CVE-2014-3566), which is why current browsers have removed support for these vulnerable protocols. We also recommend moving your server to TLS, and specifically to TLS 1.2. This tutorial shows how to enable TLS 1.2 on the Nginx web server.
Enable TLS 1.2 Only in Nginx
Edit the Nginx server block for your domain in the configuration file on your server and set ssl_protocols as follows. This enables only the TLSv1.2 protocol in that server block.
ssl_protocols TLSv1.2;
The simplest Nginx server block with SSL looks like this (the closing brace of the block is included here):

server {
    listen 443 ssl;
    server_name example.com;
    ssl_protocols TLSv1.2;
    ssl_certificate /etc/pki/tls/cert.pem;
    ssl_certificate_key /etc/pki/tls/private/privkey.pem;
}
Enable TLS 1.1 and 1.2 Both
According to the article written here, the POODLE vulnerability extends beyond SSLv3 to TLS 1.0 and 1.1, so we do not recommend this for production servers. If you want to enable it for development, you can use the following configuration.
ssl_protocols TLSv1.2 TLSv1.1;
After making changes to your configuration file, restart the Nginx service to apply the new settings.
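On a server with several server blocks it is easy to harden one block and forget another, or to leave a block with no ssl_protocols directive so that it silently inherits a weaker http-level setting. The script below is an added example written for this tutorial; it is not part of the original post and not an Nginx tool. It parses the small subset of Nginx syntax that matters here (nested braces and "directive value;" lines), reports every server block that still allows SSLv2, SSLv3, TLSv1 or TLSv1.1 (the protocols this tutorial retires), notes when a block merely inherits its setting, and can rewrite the directives to TLSv1.2 only. The configuration text, host names and paths inside it are constructed sample data.

```python
"""Audit and harden ssl_protocols directives in an Nginx configuration.

Added example for this tutorial (not from the original post or from Nginx).
Handles the subset of Nginx syntax needed here: nested `{}` blocks and
`directive args;` statements, with `#` comments.
"""
import re

# Protocols the tutorial says to retire: SSL 2.0/3.0 (POODLE) and, per the
# linked article, TLS 1.0 and 1.1.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample config: one hardened block, one development block that
# still allows TLS 1.1, and one block with no directive that inherits the
# (weak) http-level default.
SAMPLE_CONFIG = """
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # weak http-level default
    server {
        listen 443 ssl;
        server_name example.com;
        ssl_protocols TLSv1.2;
        ssl_certificate /etc/pki/tls/cert.pem;
        ssl_certificate_key /etc/pki/tls/private/privkey.pem;
    }
    server {
        listen 443 ssl;
        server_name dev.example.com;
        ssl_protocols TLSv1.2 TLSv1.1;     # development only
    }
    server {
        listen 443 ssl;
        server_name legacy.example.com;    # no ssl_protocols: inherits
    }
}
"""


def _tokenize(text):
    # Drop '#' comments, then split into block openers ("name {"),
    # block closers ("}") and statements ("directive args;").
    text = re.sub(r"#[^\n]*", "", text)
    return [t.strip() for t in re.findall(r"\}|[^{};]+\{|[^{};]+;", text)]


def _evaluate(frame, ancestors):
    # Effective protocols: the block's own directive, else the nearest
    # enclosing block that sets one (Nginx directive inheritance).
    effective, inherited = frame["protocols"], False
    if effective is None:
        for outer in reversed(ancestors):
            if outer["protocols"] is not None:
                effective, inherited = outer["protocols"], True
                break
    if effective is None:
        status, weak = "unset", []
    else:
        weak = sorted(effective & DEPRECATED)
        status = "weak" if weak else "ok"
    return {"server": frame["name"], "protocols": sorted(effective or []),
            "inherited": inherited, "weak": weak, "status": status}


def audit_ssl_protocols(config_text):
    """Return one finding per server block, in the order the blocks close."""
    findings, stack = [], []
    for tok in _tokenize(config_text):
        if tok == "}":
            frame = stack.pop()
            if frame["kind"] == "server":
                findings.append(_evaluate(frame, stack))
        elif tok.endswith("{"):
            kind = tok[:-1].split()[0]
            stack.append({"kind": kind, "name": None, "protocols": None})
        else:
            parts = tok[:-1].split()
            if not parts or not stack:
                continue
            if parts[0] == "server_name":
                stack[-1]["name"] = parts[1]
            elif parts[0] == "ssl_protocols":
                stack[-1]["protocols"] = set(parts[1:])
    return findings


def strip_deprecated(config_text):
    """Rewrite every ssl_protocols directive without the deprecated versions.

    A directive that would become empty is set to TLSv1.2 only, as the
    tutorial recommends.
    """
    def fix(match):
        kept = [p for p in match.group(1).split() if p not in DEPRECATED]
        return "ssl_protocols " + " ".join(kept or ["TLSv1.2"]) + ";"
    return re.sub(r"ssl_protocols\s+([^;]+);", fix, config_text)


if __name__ == "__main__":
    for finding in audit_ssl_protocols(SAMPLE_CONFIG):
        print(finding)
    print(strip_deprecated(SAMPLE_CONFIG))
```

Run the audit on a copy of the real nginx.conf before reloading; after any rewrite, validate the result with `nginx -t` and then restart or reload Nginx as the tutorial describes. Note that a block whose status is "unset" has no directive anywhere in its ancestry and therefore runs on the Nginx build's compiled-in default, which is version-dependent and worth pinning explicitly.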
1 Comment
Rahul K., thank you for your blog post. Really thank you! Awesome.