TLS 1.3 Configuration
Last Updated Sun, 15 Apr 2018 2:02:01 -0400
What to expect:
Concept: TLSv1.3 is new. As discussed on the
landing page , vulnerable security measures have been removed from the protocol. There are no known vulnerabilities that exists with the current version. We however recommend that you go through the following page in order to understand why and when to upgrade?
Examples for Enabling TLSv1.3:
We have categorized the examples into three sections:- Webservers and Browsers.
Webservers:
TLS 1.3 is supported starting from Nginx 1.13 version. If you are running older version then first you got to upgrade.
Nginx:
- Login to Nginx server
- Take a backup of nginx.conf file
- Modify nginx.conf using vi or your favorite editor
The default configuration under SSL settings should look like this:
...
ssl_protocols TLSv1.2;
...
Add TLSv1.3 at the end of the line, and so it looks like below:
...
ssl_protocols TLSv1.2 TLSv1.3;
...
Similar to the Apache config above, you will get TLSv1.0+ support and no SSL. You can check the config and restart.
$sudo nginx -t
$sudo service nginx restart
Browsers: