Introduction
Transport Layer Security (TLS) is a security protocol that protects data as it is transmitted over the internet. It encrypts the information so that only the intended recipient can read it, keeping it safe from hackers or anyone else trying to snoop. Knowing how to configure Nginx to use TLS 1.2 / 1.3 is essential for server security, as these versions provide stronger encryption and improved performance. Restricting Nginx to TLS 1.2 and 1.3 disables the older, vulnerable protocol versions and protects your data from the attacks that target them.
What are TLS 1.2 and 1.3?
TLS 1.2 and TLS 1.3 are cryptographic protocols developed to ensure secure communication over the Internet. Introduced in 2008, TLS 1.2 is still widely used today, thanks to its support for modern encryption techniques and its reliability in protecting data. TLS 1.3, released in 2018, goes a step further by offering improved security and performance. It eliminates outdated features, resulting in faster handshakes and reduced latency while maintaining a higher level of encryption. Both versions are crucial for ensuring safe and efficient data transmission in modern web environments.
Minimum Requirements
- Nginx Version: 1.13.0 or higher.
- OpenSSL Version: 1.1.1 or higher.
- Access to the Nginx configuration files.
How to Configure
Open your Nginx configuration file:
# vim /etc/nginx/nginx.conf
To configure TLS 1.2 and 1.3, locate or add the ssl_protocols directive inside the server block:
ssl_protocols TLSv1.2 TLSv1.3;
For example, here is a sample virtual host configuration for the domain "example.com":
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    root /var/www/example.com/public;
    ssl_certificate /path/to/your/certificate.crt;
    ssl_certificate_key /path/to/your/private.key;
    ssl_protocols TLSv1.2 TLSv1.3;
}
Save and exit the file.
Test the configuration:
# nginx -t
Reload Nginx:
# systemctl reload nginx
Check TLS 1.2 and 1.3 are enabled
To check that TLS 1.2 and 1.3 are enabled, you can use an online SSL checker or curl in verbose mode, which prints the negotiated TLS version in its handshake output:
# curl -v https://example.com/
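The curl check shows only the version negotiated for one connection; it does not reveal an ssl_protocols line elsewhere in the configuration (for example in an included file) that still lists older versions. The script below is an added example, not part of the original article: it audits every ssl_protocols directive in the output of nginx -T and flags anything other than TLSv1.2 and TLSv1.3. The sample dump and the conf.d/example.com.conf path are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit every ssl_protocols directive in an nginx config dump.
# On a real host, run as root: nginx -T 2>/dev/null | audit_ssl_protocols
audit_ssl_protocols() {
    awk '
    BEGIN { file = "stdin" }
    # "nginx -T" prints this header before the contents of each config file.
    /^# configuration file / { file = $4; sub(/:$/, "", file); lineno = 0; next }
    {
        lineno++
        line = $0
        sub(/#.*/, "", line)                      # drop comments
        if (line !~ /(^|[ \t;{])ssl_protocols[ \t]/) next
        sub(/.*ssl_protocols[ \t]+/, "", line)    # keep only the arguments
        sub(/[ \t]*;.*/, "", line)
        n = split(line, proto, /[ \t]+/)
        weak = ""
        for (i = 1; i <= n; i++)
            if (proto[i] != "" && proto[i] != "TLSv1.2" && proto[i] != "TLSv1.3")
                weak = weak (weak ? "," : "") proto[i]
        found++
        if (weak != "") bad++
        printf "%-4s %s:%d %s\n", (weak != "" ? "WEAK" : "OK"), file, lineno,
               (weak != "" ? weak : line)
    }
    END {
        if (!found) { print "NONE no ssl_protocols directive found"; exit 2 }
        exit (bad ? 1 : 0)       # 0 = only TLSv1.2/1.3, 1 = legacy protocol listed
    }'
}

# Constructed sample in "nginx -T" layout: a legacy http-level line plus the
# example.com virtual host from this article (file names are hypothetical).
sample_dump() {
    cat <<'EOF'
# configuration file /etc/nginx/nginx.conf:
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # legacy line left in the http block
}
# configuration file /etc/nginx/conf.d/example.com.conf:
server {
    listen 443 ssl http2;
    server_name example.com;
    # ssl_protocols SSLv3;
    ssl_protocols TLSv1.2 TLSv1.3;
}
EOF
}
sample_dump | audit_ssl_protocols || echo "audit exit status: $?"
```

Each reported line gives the file and line number of the directive, so a WEAK entry points directly at the line to edit before running nginx -t and reloading.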
Conclusion
Enabling only TLS 1.2 and 1.3 significantly enhances your server’s security by preventing vulnerabilities associated with older protocols. To ensure ongoing security and performance, regularly update Nginx and OpenSSL to stay aligned with the latest standards. For more details on how to configure Nginx to use TLS 1.2 / 1.3 or if you need assistance with server configuration, contact a trusted server management company for expert support.