dan
Reputation: 45652
How do you configure nginx (dev branch) to refuse to use less than TLS1.1?
I need to configure nginx to require TLS1.1 (and not TLS1.0) at minimum for connections over ssl. I've install the development branch nginx/1.1.16. How can I configure nginx to require TLS1.1 at a minimum on port 443, and how can I confirm that this configuration is working?
Upvotes: 0
Views: 571
Answers (1)
omnigrok
Reputation: 53
So first you need to make sure you're using a version of OpenSSL that even supports TLS 1.1 (1.0.1 or higher - as yet unreleased, so grab the beta), and that you're linking nginx against it, otherwise you just can't negotiate 1.1.
Then just set the directive: ssl_protocols TLSv1.1 TLSv1.2; (the wiki needs updating, but these are the constants I see in the source)
Upvotes: 1
Related Questions
- How to enforce the server to use only TLSv1.2?
- How to enable back TLSv1 and TLSv1.1 on nginx?
- Disable TLS 1.0 and TLS 1.1 in Greenlock-Express
- Nginx with TLS 1.3
- How to disable tls 1.0 and use only tls 1.1 using nodejs
- How to disable TLS 1.0 in NGINX?
- Forcing TLS 1.1 or higher on node.js
- How to force ssl/tls on nginx on a single port
- How to enable TLS 1.2 in Nginx?
- Restrict SSL protocols to TLS 1.2 on Vert.x