How To Enable TLS 1.2 Only In Nginx Web Server

Updated on April 29, 2018 by
Nginx , , ,

SSL 2.0 and SSL 3.0 having lots of known vulnerabilities like POODLE (CVE-2014-3566), That’s why latest browsers have removed support for these vulnerable protocols. We also recommend moving your server to use TLS versions and specifically to TLS 1.2. This tutorial will help you to enable TLS 1.2 with Nginx web server.

Enable TLS 1.2 Only in Nginx

Edit your Nginx server block section for your domain in configuration file on your server and add set the ssl_protocols as followings. This enables TLSv1.2 only protocol in your Nginx server block.

 ssl_protocols TLSv1.2;

The simplest Nginx server block with SSL looks like below

server {
    listen 443 ssl;
    server_name example.com;

    ssl_protocols TLSv1.2;
    ssl_certificate /etc/pki/tls/cert.pem;
    ssl_certificate_key /etc/pki/tls/private/privkey.pem;

Enable TLS 1.1 and 1.2 Both

As per article written here POODLE vulnerability expands beyond SSLv3 to TLS 1.0 and 1.1. So we don’t recommend to use this for production server but if you want to enable this for your development. You can do following configuration.

 ssl_protocols TLSv1.2 TLSv1.1;

After making changes in your configuration file, restart Nginx service to apply new settings.

Rahul K.
Rahul K.
Connect on Facebook Connect on Twitter Connect on Google+

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

Related Posts

1 Comment

  1. Detea Reply to Detea
    April 30, 2018 at 11:44 pm

    Rahul K., thank you for your blog post.Really thank you! Awesome.

Leave a Reply

All rights reserved. © 2013-2018 TecAdmin.net. This site uses cookies. By using this website you agree our term and services