{"id":2043,"date":"2023-01-27T10:50:59","date_gmt":"2023-01-27T05:20:59","guid":{"rendered":"https:\/\/trysiteprice.com\/blog\/?p=2043"},"modified":"2023-01-27T10:50:59","modified_gmt":"2023-01-27T05:20:59","slug":"how-to-configure-nginx-to-use-tls-1-2-1-3-only","status":"publish","type":"post","link":"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/","title":{"rendered":"How To Configure Nginx to use TLS 1.2 \/ 1.3 only"},"content":{"rendered":"<p>To configure Nginx to use only TLS 1.2 or 1.3, you will need to modify the Nginx configuration file.<\/p>\n<ol>\n<li>Open the Nginx configuration file located at \/etc\/nginx\/nginx.conf in a text editor.<\/li>\n<li>Find the &#8220;http&#8221; block in the file and add the following line:<\/li>\n<\/ol>\n<div class=\"bg-black mb-4 rounded-md\">\n<div class=\"flex items-center relative text-gray-200 bg-gray-800 px-4 py-2 text-xs font-sans\"><\/div>\n<div class=\"p-4 overflow-y-auto\"><code class=\"!whitespace-pre-wrap hljs\">ssl_protocols TLSv1.2 TLSv1.3;<br \/>\n<\/code><\/div>\n<\/div>\n<p>This will tell Nginx to only use TLS 1.2 and 1.3.<\/p>\n<ol start=\"3\">\n<li>If you only want to use a specific version of TLS, you can specify only that version in the ssl_protocols directive instead of both versions.<\/li>\n<li>If you want to disable a specific version of TLS, you can add the ssl_ciphers directive in the http block, and specify the ciphers that you want to disable, for example:<\/li>\n<\/ol>\n<div class=\"bg-black mb-4 rounded-md\">\n<div class=\"flex items-center relative text-gray-200 bg-gray-800 px-4 py-2 text-xs font-sans\"><\/div>\n<div class=\"p-4 overflow-y-auto\"><code class=\"!whitespace-pre-wrap hljs language-ruby\">ssl_ciphers <span class=\"hljs-variable constant_\">ECDHE<\/span>-<span class=\"hljs-variable constant_\">ECDSA<\/span>-<span class=\"hljs-variable constant_\">AES256<\/span>-<span class=\"hljs-variable constant_\">GCM<\/span>-<span class=\"hljs-variable constant_\">SHA384<\/span><span class=\"hljs-symbol\">:ECDHE-RSA-AES256-GCM-SHA384<\/span><span class=\"hljs-symbol\">:ECDHE-ECDSA-CHACHA20-POLY1305<\/span><span class=\"hljs-symbol\">:ECDHE-RSA-CHACHA20-POLY1305<\/span><span class=\"hljs-symbol\">:ECDHE-ECDSA-AES128-GCM-SHA256<\/span><span class=\"hljs-symbol\">:ECDHE-RSA-AES128-GCM-SHA256<\/span><span class=\"hljs-symbol\">:ECDHE-ECDSA-AES256-SHA384<\/span><span class=\"hljs-symbol\">:ECDHE-RSA-AES256-SHA384<\/span><span class=\"hljs-symbol\">:ECDHE-ECDSA-AES128-SHA256<\/span><span class=\"hljs-symbol\">:ECDHE-RSA-AES128-SHA256<\/span>;<br \/>\n<\/code><\/div>\n<\/div>\n<p>Note that you should use a strong set of ciphers that are considered secure, it&#8217;s recommended to use the Mozilla recommended ciphers, as they are regularly updated to reflect the current security landscape.<\/p>\n<ol start=\"5\">\n<li>Save the configuration file and close it.<\/li>\n<li>Test the configuration by running the following command:<\/li>\n<\/ol>\n<div class=\"bg-black mb-4 rounded-md\">\n<div class=\"flex items-center relative text-gray-200 bg-gray-800 px-4 py-2 text-xs font-sans\"><\/div>\n<div class=\"p-4 overflow-y-auto\"><code class=\"!whitespace-pre-wrap hljs\">sudo nginx -t<br \/>\n<\/code><\/div>\n<\/div>\n<p>This command checks the configuration file for any errors.<\/p>\n<ol start=\"7\">\n<li>If the configuration is correct, reload Nginx to apply the changes:<\/li>\n<\/ol>\n<div class=\"bg-black mb-4 rounded-md\">\n<div class=\"flex items-center relative text-gray-200 bg-gray-800 px-4 py-2 text-xs font-sans\"><\/div>\n<div class=\"p-4 overflow-y-auto\"><code class=\"!whitespace-pre-wrap hljs\">sudo systemctl reload nginx<br \/>\n<\/code><\/div>\n<\/div>\n<ol start=\"8\">\n<li>You can check the SSL\/TLS version that the server is using by using online SSL checker such as SSL Labs, or by using openssl s_client command.<\/li>\n<\/ol>\n<p>It&#8217;s important to note that this configuration will only disable certain versions of SSL\/TLS, but it will not ensure that the server is configured securely. To ensure that your server is configured securely, you should follow best practices and guidelines for server hardening and regularly update your system and software.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To configure Nginx to use only TLS 1.2 or 1.3, you will need to modify the Nginx configuration file. Open the Nginx configuration file located at \/etc\/nginx\/nginx.conf in a text editor. Find the &#8220;http&#8221; block in the file and add the following line: ssl_protocols TLSv1.2 TLSv1.3; This will tell Nginx to only use TLS 1.2 &#8230; <a title=\"How To Configure Nginx to use TLS 1.2 \/ 1.3 only\" class=\"read-more\" href=\"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/\" aria-label=\"Read more about How To Configure Nginx to use TLS 1.2 \/ 1.3 only\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2043","post","type-post","status-publish","format-standard","hentry","category-best-tutorial"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How To Configure Nginx to use TLS 1.2 \/ 1.3 only - TrySitePrice<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How To Configure Nginx to use TLS 1.2 \/ 1.3 only - TrySitePrice\" \/>\n<meta property=\"og:description\" content=\"To configure Nginx to use only TLS 1.2 or 1.3, you will need to modify the Nginx configuration file. Open the Nginx configuration file located at \/etc\/nginx\/nginx.conf in a text editor. Find the &#8220;http&#8221; block in the file and add the following line: ssl_protocols TLSv1.2 TLSv1.3; This will tell Nginx to only use TLS 1.2 ... Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/\" \/>\n<meta property=\"og:site_name\" content=\"TrySitePrice\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-27T05:20:59+00:00\" \/>\n<meta name=\"author\" content=\"Rahul Sahu\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/\"},\"author\":{\"name\":\"Rahul Sahu\",\"@id\":\"https:\/\/trysiteprice.com\/blog\/#\/schema\/person\/358e04eeea4281deacad2f30c58e67f4\"},\"headline\":\"How To Configure Nginx to use TLS 1.2 \/ 1.3 only\",\"datePublished\":\"2023-01-27T05:20:59+00:00\",\"dateModified\":\"2023-01-27T05:20:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/\"},\"wordCount\":266,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/trysiteprice.com\/blog\/#organization\"},\"articleSection\":[\"Best\/Tutorial\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/\",\"url\":\"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/\",\"name\":\"How To Configure Nginx to use TLS 1.2 \/ 1.3 only - TrySitePrice\",\"isPartOf\":{\"@id\":\"https:\/\/trysiteprice.com\/blog\/#website\"},\"datePublished\":\"2023-01-27T05:20:59+00:00\",\"dateModified\":\"2023-01-27T05:20:59+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/trysiteprice.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How To Configure Nginx to use TLS 1.2 \/ 1.3 only\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/trysiteprice.com\/blog\/#website\",\"url\":\"https:\/\/trysiteprice.com\/blog\/\",\"name\":\"TrySitePrice\",\"description\":\"Free Website Value Calculator Tool\",\"publisher\":{\"@id\":\"https:\/\/trysiteprice.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/trysiteprice.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/trysiteprice.com\/blog\/#organization\",\"name\":\"TrySitePrice\",\"url\":\"https:\/\/trysiteprice.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/trysiteprice.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/trysiteprice.com\/blog\/wp-content\/uploads\/2021\/12\/cropped-trysiteprice-logo.png\",\"contentUrl\":\"https:\/\/trysiteprice.com\/blog\/wp-content\/uploads\/2021\/12\/cropped-trysiteprice-logo.png\",\"width\":395,\"height\":268,\"caption\":\"TrySitePrice\"},\"image\":{\"@id\":\"https:\/\/trysiteprice.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/trysiteprice.com\/blog\/#\/schema\/person\/358e04eeea4281deacad2f30c58e67f4\",\"name\":\"Rahul Sahu\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/trysiteprice.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/51f0f95f7b95665f62baed2211572165?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/51f0f95f7b95665f62baed2211572165?s=96&d=mm&r=g\",\"caption\":\"Rahul Sahu\"},\"sameAs\":[\"https:\/\/trysiteprice.com\/blog\"],\"url\":\"https:\/\/trysiteprice.com\/blog\/author\/rsahu4242_trysiteprice\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How To Configure Nginx to use TLS 1.2 \/ 1.3 only - TrySitePrice","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/","og_locale":"en_US","og_type":"article","og_title":"How To Configure Nginx to use TLS 1.2 \/ 1.3 only - TrySitePrice","og_description":"To configure Nginx to use only TLS 1.2 or 1.3, you will need to modify the Nginx configuration file. Open the Nginx configuration file located at \/etc\/nginx\/nginx.conf in a text editor. Find the &#8220;http&#8221; block in the file and add the following line: ssl_protocols TLSv1.2 TLSv1.3; This will tell Nginx to only use TLS 1.2 ... Read more","og_url":"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/","og_site_name":"TrySitePrice","article_published_time":"2023-01-27T05:20:59+00:00","author":"Rahul Sahu","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/#article","isPartOf":{"@id":"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/"},"author":{"name":"Rahul Sahu","@id":"https:\/\/trysiteprice.com\/blog\/#\/schema\/person\/358e04eeea4281deacad2f30c58e67f4"},"headline":"How To Configure Nginx to use TLS 1.2 \/ 1.3 only","datePublished":"2023-01-27T05:20:59+00:00","dateModified":"2023-01-27T05:20:59+00:00","mainEntityOfPage":{"@id":"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/"},"wordCount":266,"commentCount":0,"publisher":{"@id":"https:\/\/trysiteprice.com\/blog\/#organization"},"articleSection":["Best\/Tutorial"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/","url":"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/","name":"How To Configure Nginx to use TLS 1.2 \/ 1.3 only - TrySitePrice","isPartOf":{"@id":"https:\/\/trysiteprice.com\/blog\/#website"},"datePublished":"2023-01-27T05:20:59+00:00","dateModified":"2023-01-27T05:20:59+00:00","breadcrumb":{"@id":"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/trysiteprice.com\/blog\/how-to-configure-nginx-to-use-tls-1-2-1-3-only\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/trysiteprice.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How To Configure Nginx to use TLS 1.2 \/ 1.3 only"}]},{"@type":"WebSite","@id":"https:\/\/trysiteprice.com\/blog\/#website","url":"https:\/\/trysiteprice.com\/blog\/","name":"TrySitePrice","description":"Free Website Value Calculator Tool","publisher":{"@id":"https:\/\/trysiteprice.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/trysiteprice.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/trysiteprice.com\/blog\/#organization","name":"TrySitePrice","url":"https:\/\/trysiteprice.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/trysiteprice.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/trysiteprice.com\/blog\/wp-content\/uploads\/2021\/12\/cropped-trysiteprice-logo.png","contentUrl":"https:\/\/trysiteprice.com\/blog\/wp-content\/uploads\/2021\/12\/cropped-trysiteprice-logo.png","width":395,"height":268,"caption":"TrySitePrice"},"image":{"@id":"https:\/\/trysiteprice.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/trysiteprice.com\/blog\/#\/schema\/person\/358e04eeea4281deacad2f30c58e67f4","name":"Rahul Sahu","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/trysiteprice.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/51f0f95f7b95665f62baed2211572165?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/51f0f95f7b95665f62baed2211572165?s=96&d=mm&r=g","caption":"Rahul Sahu"},"sameAs":["https:\/\/trysiteprice.com\/blog"],"url":"https:\/\/trysiteprice.com\/blog\/author\/rsahu4242_trysiteprice\/"}]}},"_links":{"self":[{"href":"https:\/\/trysiteprice.com\/blog\/wp-json\/wp\/v2\/posts\/2043","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trysiteprice.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trysiteprice.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trysiteprice.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/trysiteprice.com\/blog\/wp-json\/wp\/v2\/comments?post=2043"}],"version-history":[{"count":1,"href":"https:\/\/trysiteprice.com\/blog\/wp-json\/wp\/v2\/posts\/2043\/revisions"}],"predecessor-version":[{"id":2047,"href":"https:\/\/trysiteprice.com\/blog\/wp-json\/wp\/v2\/posts\/2043\/revisions\/2047"}],"wp:attachment":[{"href":"https:\/\/trysiteprice.com\/blog\/wp-json\/wp\/v2\/media?parent=2043"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trysiteprice.com\/blog\/wp-json\/wp\/v2\/categories?post=2043"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trysiteprice.com\/blog\/wp-json\/wp\/v2\/tags?post=2043"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}