What's the best way to set up a web server to only use TLS 1.2?
Linode
Linode Staff
How can Apache or Nginx best be configured to only allow connections using TLS 1.2, and prevent connections from other SSL or TLS protocols?
1 Reply
mjones
Linode Staff
In both Nginx and Apache you can specify which SSL or TLS protocols to use in the virtual host configuration for a specific website, or in the overall configuration for HTTPS connections.
For Apache you can use the following directive:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
You can also reverse it, like so:
SSLProtocol -all TLSv1.2
There's more information on configuring SSL certificates and mod_ssl in Apache here.
For Nginx you use a slightly different directive:
ssl_protocols TLSv1.2;
There's an official guide on configuring HTTPS in Nginx here.
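To check that a configuration really leaves only TLS 1.2 enabled, the directives from this reply can be evaluated offline. The following is an added example, not part of the original reply or of Apache's or Nginx's tooling. The names `apache_protocols`, `audit`, `APACHE_ALL` and `SAMPLE` are hypothetical, and the expansion of `all` is an assumption that models a build whose OpenSSL offers both SSLv3 and TLSv1.3.

```python
import re

# Assumption: expansion of mod_ssl's "all" on a build with SSLv3 and TLSv1.3 available.
APACHE_ALL = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")

def apache_protocols(args, all_set=APACHE_ALL):
    """Simplified model of SSLProtocol: arguments are applied left to right."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        if name.lower() == "all":
            names = set(all_set)
        elif name in all_set or (name == "SSLv2" and sign == "-"):
            names = {name}
        else:
            raise ValueError(f"illegal or unsupported protocol {name!r}")
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:
            enabled = names  # a bare token replaces whatever was set so far
    return enabled

def audit(config_text):
    """Return (line_no, enabled_protocols) for each directive that is not TLSv1.2-only."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(?i)(SSLProtocol|ssl_protocols)\s+(.+?);?$", line)
        if not m:
            continue
        if m.group(1).lower() == "sslprotocol":
            enabled = apache_protocols(m.group(2))
        else:
            enabled = set(m.group(2).split())  # Nginx: a plain list
        if enabled != {"TLSv1.2"}:
            findings.append((n, sorted(enabled)))
    return findings

# Constructed sample, not a real server's configuration.
SAMPLE = """\
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol -all +TLSv1.2
ssl_protocols TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Under that assumption the subtractive form is reported because `all` also brings in TLSv1.3, while the `-all` form and `ssl_protocols TLSv1.2;` pass.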