Enable TLS 1.2 Only in Nginx

Edit your Nginx server block section for your domain in the configuration file on your server and add set the ssl_protocols as followings. This enables TLSv1.2 only protocol in your Nginx server block.

 ssl_protocols TLSv1.2;

The simplest Nginx server block with SSL looks like below

server {
    listen 443 ssl;
    server_name example.com;

    ssl_protocols TLSv1.2;
    ssl_certificate /etc/pki/tls/cert.pem;
    ssl_certificate_key /etc/pki/tls/private/privkey.pem;


Enable TLS 1.1 and 1.2 Both

As per article was written here POODLE vulnerability expands beyond SSLv3 to TLS 1.0 and 1.1. So we don’t recommend to use this for production server but if you want to enable this for your development. You can do the following configuration.

 ssl_protocols TLSv1.2 TLSv1.1;

After making changes in your configuration file, restart Nginx service to apply new settings.


Byla tato odpověď nápomocná? 0 Uživatelům pomohlo (5 Hlasů)