What's the best way to set up a web server to only use TLS 1.2?

apache nginx ssl tls tls12

Linode 6 years, 5 months ago Linode Staff

How can Apache or Nginx best be configured to only allow connections using TLS 1.2, and prevent connections from other SSL or TLS protocols?

1 Reply

mjones 6 years, 5 months ago Linode Staff

In both Nginx and Apache you can specify which SSL or TLS protocols to use in the virtual host configuration for a specific website, or in the overall configuration for HTTPS connections.

For Apache you can use the following directive:

SSLProtocol all -SSLv2 -SSLv2 -TLSv1.0 -TLSv1.1

You can also reverse it, as so:

SSLProtocol -all TLSv1.2

There's more information on configuring SSL certificates and mod_ssl in Apache here.

For Nginx you use a slightly different directive:

ssl_protocols TLSv1.2;

There's an official guide on configuring HTTPS in Nginx here.

Reply

Description

Please enter an answer

Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Compute

Storage

Networking

Databases

Services

Developer Tools

Industries

Pricing

Community

Engage With Us

What's the best way to set up a web server to only use TLS 1.2?

1 Reply

Reply

Tips: