What's the best way to set up a web server to only use TLS 1.2?
How can Apache or Nginx best be configured to only allow connections using TLS 1.2, and prevent connections from other SSL or TLS protocols?
In both Nginx and Apache you can specify which SSL or TLS protocols to use in the virtual host configuration for a specific website, or in the overall configuration for HTTPS connections.
For Apache you can use the following directive:
SSLProtocol all -SSLv2 -SSLv2 -TLSv1.0 -TLSv1.1
You can also reverse it, as so:
SSLProtocol -all TLSv1.2
There's more information on configuring SSL certificates and mod_ssl in Apache here.
For Nginx you use a slightly different directive:
There's an official guide on configuring HTTPS in Nginx here.