What's the best way to set up a web server to only use TLS 1.2?

How can Apache or Nginx best be configured to only allow connections using TLS 1.2, and prevent connections from other SSL or TLS protocols?

1 Reply

In both Nginx and Apache you can specify which SSL or TLS protocols to use in the virtual host configuration for a specific website, or in the overall configuration for HTTPS connections.

For Apache you can use the following directive:

SSLProtocol all -SSLv2 -SSLv2 -TLSv1.0 -TLSv1.1

You can also reverse it, as so:

SSLProtocol -all TLSv1.2

There's more information on configuring SSL certificates and mod_ssl in Apache here.

For Nginx you use a slightly different directive:

ssl_protocols TLSv1.2;

There's an official guide on configuring HTTPS in Nginx here.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct