Home > Operation and Maintenance > Linux Operation and Maintenance > How to enable TLS1.2 only in Nginx web server

How to enable TLS1.2 only in Nginx web server

不言
Release: 2019-04-02 13:34:21
Original
7346 people have browsed it

SSL2.0 and SSL3.0 have many known vulnerabilities such as POODLE (CVE-2014-3566), which is why the latest browsers have removed support for these vulnerable protocols. It is recommended that you move your server to use a TLS version, specifically TLS 1.2. This article will introduce how to enable TLS 1.2 using Nginx web server.

How to enable TLS1.2 only in Nginx web server

Enable TLS1.2 in Nginx only

Edit the Nginx server block section of the domain in the configuration file on the server, And add the following ssl_protocols settings. This will enable only TLSv1.2 protocol in Nginx server block.

 ssl_protocols TLSv1.2;
Copy after login

The simplest nginx server block using ssl is as follows

server {
    listen 443 ssl;
    server_name example.com;

    ssl_protocols TLSv1.2;
    ssl_certificate /etc/pki/tls/cert.pem;
    ssl_certificate_key /etc/pki/tls/private/privkey.pem;
Copy after login

Enable TLS 1.1 and 1.2 simultaneously

poodle vulnerability extends from sslv3 to tls 1.0 and 1.1. Therefore, we do not recommend using it for production servers, but if you want to enable it for development. The following configurations can be performed.

 ssl_protocols TLSv1.2 TLSv1.1;
Copy after login

After changing the configuration file, restart the nginx service to apply the new settings.

This article has ended here. For more exciting content, you can pay attention to the Linux Video Tutorial Column on the PHP Chinese website! ! !

The above is the detailed content of How to enable TLS1.2 only in Nginx web server. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template