How to configure and enable Nginx to use TLS 1.2 and 1.3

1. Login to Nginx server using the ssh command.
2. Edit nf file or virtual domain config file.
3. Set TLS version by editing ssl_protocols TLSv1.2.
4. For TLS version 1.3, add ssl_protocols TLSv1.3.

We can combine and only allow TLS 1.2 and 1.3 in Nginx by setting:

    ssl_protocols TLSv1.2 TLSv1.3;

A note about our set up for TLS 1.2 or 1.3 only in Nginx web server

As a result, this config option works with the following clients only:

In other words, an older client from Windows XP or an older version of Android/Java won't work. TLS 1.3 is only supported by Firefox 63+, Android 10.0+, Chrome 70+, Edge 75, Java 11, OpenSSL 1.1.1, Opera 57, and Safari 12.1. Hence, I recommend enabling both 1.2 and 1.3 support in Nginx.

I tested the server configuration with the following components:

    $ nginx -v
    nginx version: nginx/1.16.1

How to check OpenSSL version

    $ openssl version
    OpenSSL 1.1.1d

How To enable TLS 1.2 only in Nginx web server

Please note that the TLSv1.1 and TLSv1.2 parameters (1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used. The TLSv1.3 parameter (1.13.0) works only when OpenSSL 1.1.1 built with TLSv1.3 support is used.

    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /etc/nginx/ssl/fullchain.pem;
    # replace with the IP address of your resolver

How to Enable TLS 1.3 in Nginx

For both TLS version 1.2 and 1.3 use the following in nginx config file:

    ssl_protocols TLSv1.2 TLSv1.3;

Just enable TLS version 1.3 in nginx:

    ssl_protocols TLSv1.3;

    server {
        ssl_certificate /etc/nginx/ssl/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/key.pem;
        ssl_session_cache shared:SharedNixCraftSSL:10m;
        # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    }
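To confirm that a configuration really is limited to TLS 1.2 and 1.3, and that the installed versions meet the requirements quoted above for TLSv1.3, the following added example (not code from the original page) audits config text and compares version strings. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example. Function names and SAMPLE_CONF are constructed for illustration.

# Read nginx config on stdin; print "line:protocol" for every protocol named in
# an ssl_protocols directive other than TLSv1.2 / TLSv1.3. Comments are ignored
# and a directive may share a line with other directives or span several lines.
weak_protocols() {
    awk '{
        sub(/#.*/, "")
        for (i = 1; i <= NF; i++) {
            if ($i == "ssl_protocols") { on = 1; continue }
            if (!on) continue
            p = $i; last = (p ~ /;/); sub(/;.*/, "", p)
            if (p != "" && p != "TLSv1.2" && p != "TLSv1.3") print NR ":" p
            if (last) on = 0
        }
    }'
}

# True when dotted version $1 >= $2; a letter suffix (the "d" in 1.1.1d) is ignored.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        gsub(/[^0-9.]/, "", a); gsub(/[^0-9.]/, "", b)
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Requirement stated in the text: TLSv1.3 needs nginx 1.13.0+ and OpenSSL 1.1.1+.
tls13_supported() {   # $1 = nginx version, $2 = OpenSSL version
    version_ge "$1" 1.13.0 && version_ge "$2" 1.1.1
}

# Constructed sample: one server block still offers TLSv1 and TLSv1.1.
SAMPLE_CONF='server {
    listen 443 ssl;
    # ssl_protocols SSLv3;  (commented out, must be ignored)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server { listen 8443 ssl; ssl_protocols TLSv1.2 TLSv1.3; }'

printf '%s\n' "$SAMPLE_CONF" | weak_protocols
tls13_supported 1.16.1 1.1.1d && echo "TLSv1.3 usable with nginx 1.16.1 / OpenSSL 1.1.1d"
```

On a server, feed the real configuration to `weak_protocols` on stdin and pass the versions reported by `nginx -v` and `openssl version` to `tls13_supported`.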