In this tutorial, we will show you how to enable TLS 1.3 on Apache and Nginx. For those of you who didn’t know, TLS 1.3 makes your web servers more secure with the latest security protocols. The latest TLS 1.3 is supported by all major browsers so there will be no compatibility issue. By using TLS 1.3 it provides better security and fastest speed than all previous TLS versions.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘
sudo‘ to the commands to get root privileges. I will show you through the step-by-step enable transport layer security (TLS) on Apache and Nginx webserver.
Enable TLS 1.3 on Apache and Nginx
Step 1. Enable TLS 1.3 on Apache and Nginx webserver.
- Enable TLS 1.3 on Nginx.
To enable TLS 1.3 in Nginx you will need to fulfill the following requirements:
- Nginx version
1.13.0or greater built against OpenSSL 1.1.1 or greater.
- A valid TLS certificate or a self-signed one. You can get a free one from Let’s Encrypt.
Now navigate to the
nginx.conf file and editing the Nginx Configuration file after that search for given directives:
Find the given lines inside the server block:
ssl_protocols TLSv1.1 TLSv1.2;
Need to replace it with given lines:
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
Lastly, just restart your Nginx:
sudo systemctl restart nginx
- Enable TLS 1.3 on Apache.
Now we find the
ssl.conf file and start modifying it just find the directives given below:
Just locate the given lines inside the configuration files:
SSLProtocol -all +TLSv1.2
Completely modify the given line as below:
SSLProtocol -all +TLSv1.2 +TLSv1.3
Then, restart the Apache webserver to apply changes:
systemctl restart httpd.service
Step 2. Verify your server is using TLS 1.3.
Once successfully enabling TLS 1.3 on your web server, you should always cross-check the configuration made are properly set. We want to introduce a couple of world-class tools which audit your server and gives an accurate report.
- SSL Labs: SSL Lab is one of the free online services which performs a deep analysis about the SSL configurations of any web servers on the internet and shares the configuration gaps. Any buddy can utilize this service to fix the problem caught in the analysis report.
- DigiCert: DigiCertis another popular online service that offers similar services as like as SSL Labs.
Congratulations! You have successfully enabled TLS 1.3. Thanks for using this tutorial for enabling Enable TLS 1.3 on your Linux system.