In this tutorial, we will show you how to enable TLS 1.3 on Apache and Nginx. For those of you who didn’t know, TLS 1.3 makes your web servers more secure with the latest security protocols. The latest TLS 1.3 is supported by all major browsers so there will be no compatibility issue. By using TLS 1.3 it provides better security and fastest speed than all previous TLS versions.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘
sudo‘ to the commands to get root privileges. I will show you the step-by-step enable transport layer security (TLS) on Apache and Nginx webservers.
- A server running one of the following operating systems: Ubuntu or CentOS Linux.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
non-root sudo useror access to the
root user. We recommend acting as a
non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Enable TLS 1.3 on Apache and Nginx
Step 1. Enable TLS 1.3 on Apache and Nginx webserver.
- Enable TLS 1.3 on Nginx.
To enable TLS 1.3 in Nginx you will need to fulfill the following requirements:
- Nginx version
1.13.0or greater built against OpenSSL 1.1.1 or greater.
- A valid TLS certificate or a self-signed one. You can get a free one from Let’s Encrypt.
Now navigate to the
nginx.conf file and editing the Nginx Configuration file after that search for given directives:
Find the given lines inside the server block:
ssl_protocols TLSv1.1 TLSv1.2;
Need to replace it with the given lines:
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
Lastly, just restart your Nginx:
sudo systemctl restart nginx
- Enable TLS 1.3 on Apache.
Now we find the
ssl.conf file and start modifying it just find the directives given below:
Just locate the given lines inside the configuration files:
SSLProtocol -all +TLSv1.2
Completely modify the given line as below:
SSLProtocol -all +TLSv1.2 +TLSv1.3
Then, restart the Apache webserver to apply changes:
systemctl restart httpd.service
Step 2. Verify your server is using TLS 1.3.
Once successfully enabling TLS 1.3 on your web server, you should always cross-check the configuration made are properly set. We want to introduce a couple of world-class tools which audit your server and give an accurate report.
- SSL Labs: SSL Lab is one of the free online services which performs a deep analysis of the SSL configurations of any web servers on the internet and shares the configuration gaps. Any buddy can utilize this service to fix the problem caught in the analysis report.
- DigiCert: DigiCertis another popular online service that offers similar services to SSL Labs.
Congratulations! You have successfully enabled TLS 1.3. Thanks for using this tutorial for enabling Enable TLS 1.3 on your Linux system.