How to enable TLS1.2 only in Nginx web server

不言
2019-04-02 13:34:21

SSL 2.0 and SSL 3.0 have many known vulnerabilities, such as POODLE (CVE-2014-3566), which is why the latest browsers have removed support for these vulnerable protocols. It is recommended that you move your server to a TLS version, specifically TLS 1.2. This article shows how to enable TLS 1.2 in the Nginx web server.

Enable only TLS 1.2 in Nginx

Edit the Nginx server block for the domain in the configuration file on the server and add the following ssl_protocols setting. This enables only the TLSv1.2 protocol in that server block.

 ssl_protocols TLSv1.2;

The simplest Nginx server block using SSL is as follows:

server {
    listen 443 ssl;
    server_name example.com;

    # Offer TLS 1.2 only
    ssl_protocols TLSv1.2;
    ssl_certificate /etc/pki/tls/cert.pem;
    ssl_certificate_key /etc/pki/tls/private/privkey.pem;
}

Enable TLS 1.1 and 1.2 simultaneously

The POODLE vulnerability extends from SSLv3 to TLS 1.0 and 1.1. Therefore, we do not recommend this for production servers, but if you want to enable TLS 1.1 for development, you can use the following configuration.

 ssl_protocols TLSv1.2 TLSv1.1;

After changing the configuration file, restart the nginx service to apply the new settings.
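
Before restarting, it helps to confirm which protocols each server block will actually offer, since a block without its own ssl_protocols inherits the http-level value. The following is an added example, not part of the original article; the function name audit_ssl_protocols, the SAMPLE config and the host dev.example.com are hypothetical, and the tokenizer is deliberately simplified.

```python
import re

# Versions below TLS 1.2, which the article advises against in production.
WEAK = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def audit_ssl_protocols(conf_text):
    """Map each server_name to (effective ssl_protocols, weak ones among them).

    A server without its own ssl_protocols inherits the http-level (or file
    top-level) value; [] means nginx's version-dependent default applies.
    Raises ValueError on unbalanced braces. Quoted '{};#' are not supported.
    """
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf_text))
    stack, stmt, inherited, servers, current = [], [], [], [], None
    for tok in tokens:
        if tok == "{":
            stack.append(stmt[0] if stmt else "")
            if stack[-1] == "server":
                current = {"name": "(unnamed)", "protocols": None}
                servers.append(current)
        elif tok == "}":
            if not stack:
                raise ValueError("unexpected '}'")
            if stack.pop() == "server":
                current = None
        elif tok == ";":
            if stmt[:1] == ["ssl_protocols"]:
                if stack and stack[-1] == "server":
                    current["protocols"] = stmt[1:]
                elif stack in ([], ["http"]):
                    inherited = stmt[1:]
            elif stmt[:1] == ["server_name"] and current is not None and len(stmt) > 1:
                current["name"] = stmt[1]
        else:
            stmt.append(tok)
            continue
        stmt = []  # a '{', '}' or ';' ends the current statement
    if stack:
        raise ValueError("missing '}' for block: " + stack[-1])
    # Resolve inheritance only after the whole file has been read.
    return {s["name"]: (p, sorted(WEAK.intersection(p))) for s in servers
            for p in [inherited if s["protocols"] is None else s["protocols"]]}

# Constructed sample config, not taken from a real server.
SAMPLE = """http { ssl_protocols TLSv1.2 TLSv1.1;
  server { listen 443 ssl; server_name example.com; ssl_protocols TLSv1.2; }
  server { listen 443 ssl; server_name dev.example.com; } }"""

for name, (protos, weak) in audit_ssl_protocols(SAMPLE).items():
    print(name, protos, "WEAK: " + ",".join(weak) if weak else "ok")
```

A server block that is missing its closing brace makes the function raise ValueError instead of returning a partial report.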
