Nginx : TLS 1.2 support
Couple of days back I was toying with this website https://www.ssllabs.com/ssltest/ to see how good is my website SSL strength. Unfortunately, from the report.... got a B grade. The reason given is that TLS 1.2 is not supported.
To enable TLS 1.2 support in Nginx, do the following
Check if your OpenSSL version is up to date with openssl version -a
command and you should see output like :
OpenSSL 1.0.1i 6 Aug 2014
built on: Thu Aug 7 09:43:31 UTC 2014
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -DOPENSSLTHREADS -DREENTRANT -DDSODLFCN -DHAVEDLFCNH -Wa,--noexecstack -m64 -DLENDIAN -DTERMIO -O3 -Wall -
DOPENSSLIA32SSE2 -DOPENSSLBNASMMONT -DOPENSSLBNASMMONT5 -DOPENSSLBNASMGF2m -DSHA1ASM -DSHA256_ASM -
DSHA512ASM -DMD5ASM -DAESASM -DVPAESASM -DBSAESASM -DWHIRLPOOLASM -DGHASH_ASM
OPENSSLDIR: "/usr/local/ssl"
At minimum get openssl version 1.0.1 and above
Next step is go to nginx configuration directory. In my case, it is located at /usr/local/nginx/conf
and modify nginx.conf file.
search for the ssl_protocols
config line such as
ssl_protocols SSLv2 SSLv3 TLSv1;
and change the line by adding TLSv1.2 and TLSv1.1
ssl_protocols SSLv2 SSLv3 TLSv1.2 TLSv1.1 TLSv1;
Note : Depending on your nginx.conf file, the configuration may be slightly different. However, the ssl_protocols
line should be under the server block listening to port 443.
Restart nginx and run the SSL query again at https://www.ssllabs.com/ssltest/ for your website. TLS 1.2 support should be enabled by now.
By Adam Ng
IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.
Advertisement
Tutorials
+28.9k Golang : Calculate percentage change of two values
+14.5k Golang : Read large file with bufio.Scanner cause token too long error
+7k Golang : Qt splash screen with delay example
+7.3k Useful methods to access blocked websites
+20.5k Golang : Match strings by wildcard patterns with filepath.Match() function
+4.6k PHP : Convert string to timestamp or datestamp before storing to database(MariaDB/MySQL)
+11.8k Golang : Increment string example
+46.9k Golang : Upload file from web browser to server
+12.7k Golang : How to pass map to html template and access the map's elements
+12.3k Golang : Convert spaces to tabs and back to spaces example
+22.7k Golang : Find biggest/largest number in array
+7.9k Golang : Generate EAN barcode