How To Enable TLS 1.3 on Apache and Nginx

In this tutorial, we will show you how to enable TLS 1.3 on Apache and Nginx. For those of you who didn’t know, TLS 1.3 makes your web servers more secure with the latest security protocols. The latest TLS 1.3 is supported by all major browsers so there will be no compatibility issue. By using TLS 1.3 it provides better security and the fastest speed than all previous TLS versions.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step enable transport layer security (TLS)  on Apache and Nginx web servers.

Prerequisites

• A server running one of the following operating systems: Ubuntu or CentOS Linux.
• It’s recommended that you use a fresh OS install to prevent any potential issues.
• A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Enable TLS 1.3 on Apache and Nginx

Step 1. Enable TLS 1.3 on Apache and Nginx webserver.

Enable TLS 1.3 on Nginx.

To enable TLS 1.3 in Nginx you will need to fulfill the following requirements:

• Nginx version 1.13.0 or greater built against OpenSSL 1.1.1 or greater.
• A valid TLS certificate or a self-signed one. You can get a free one from Let’s Encrypt.

Now navigate to the nginx.conf file and editing the Nginx Configuration file after that search for the given directives:

nano /etc/nginx/nginx.conf

Find the given lines inside the server block:

ssl_protocols TLSv1.1 TLSv1.2;

Need to replace it with the given lines:

ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

Lastly, just restart your Nginx:

sudo systemctl restart nginx

For additional resources on installing Nginx, read the post below:

• How to install Nginx on Rocky Linux √

Enable TLS 1.3 on Apache.

Now we find the ssl.conf file and start modifying it just find the directives given below:

nano /etc/httpd/conf.d/ssl.conf

Just locate the given lines inside the configuration files:

SSLProtocol -all +TLSv1.2

Completely modify the given line as below:

SSLProtocol -all +TLSv1.2 +TLSv1.3

Then, restart the Apache webserver to apply changes:

systemctl restart httpd.service

For additional resources on installing Apache, read the post below:

• How to install Apache on Ubuntu Linux √

Step 2. Verify your server is using TLS 1.3.

Once successfully enable TLS 1.3 on your web server, you should always cross-check that the configuration made are properly set. We want to introduce a couple of world-class tools which audit your server and give an accurate report.

1. SSL Labs: SSL Lab is one of the free online services which performs a deep analysis of the SSL configurations of any web servers on the internet and shares the configuration gaps. Any buddy can utilize this service to fix the problem caught in the analysis report.
2. DigiCert: DigiCert is another popular online service that offers similar services to SSL Labs.

Congratulations! You have successfully enabled TLS 1.3. Thanks for using this tutorial for enabling Enable TLS 1.3 on your Linux system.