TLS 1.3 Configuration

Last Updated Sun, 15 Apr 2018 2:02:01 -0400

What to expect:

Concept: TLSv1.3 is new. As discussed on the landing page , vulnerable security measures have been removed from the protocol. There are no known vulnerabilities that exists with the current version. We however recommend that you go through the following page in order to understand why and when to upgrade?

Examples for Enabling TLSv1.3:

We have categorized the examples into three sections:- Webservers and Browsers.

    Webservers:

    TLS 1.3 is supported starting from Nginx 1.13 version. If you are running older version then first you got to upgrade.

    Nginx:
    • Login to Nginx server
    • Take a backup of nginx.conf file
    • Modify nginx.conf using vi or your favorite editor

    The default configuration under SSL settings should look like this:
    ...
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ...
    


    Add TLSv1.3 at the end of the line, and so it looks like below:
    ...
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ...
    
    Similar to the Apache config above, you will get TLSv1.0+ support and no SSL. You can check the config and restart.
    
    $sudo nginx -t
    $sudo service nginx restart
    
    
    Browsers: