AlmaLinuxCentOSDebianLinuxLinux MintManjaroTutorialsUbuntu

How To Enable TLS 1.3 on Apache and Nginx

Enable TLS 1.3 on Apache and Nginx

In this tutorial, we will show you how to enable TLS 1.3 on Apache and Nginx. For those of you who didn’t know, TLS 1.3 makes your web servers more secure with the latest security protocols. The latest TLS 1.3 is supported by all major browsers so there will be no compatibility issue. By using TLS 1.3 it provides better security and the fastest speed than all previous TLS versions.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step enable transport layer security (TLS)  on Apache and Nginx web servers.

Prerequisites

  • A server running one of the following operating systems: Ubuntu or CentOS Linux.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Enable TLS 1.3 on Apache and Nginx

Step 1. Enable TLS 1.3 on Apache and Nginx webserver.

Enable TLS 1.3 on Nginx.

To enable TLS 1.3 in Nginx you will need to fulfill the following requirements:

  • Nginx version 1.13.0 or greater built against OpenSSL 1.1.1 or greater.
  • A valid TLS certificate or a self-signed one. You can get a free one from Let’s Encrypt.

Now navigate to the nginx.conf file and editing the Nginx Configuration file after that search for the given directives:

nano /etc/nginx/nginx.conf

Find the given lines inside the server block:

ssl_protocols TLSv1.1 TLSv1.2;

Need to replace it with the given lines:

ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

Lastly, just restart your Nginx:

sudo systemctl restart nginx

For additional resources on installing Nginx, read the post below:

Enable TLS 1.3 on Apache.

Now we find the ssl.conf file and start modifying it just find the directives given below:

nano /etc/httpd/conf.d/ssl.conf

Just locate the given lines inside the configuration files:

SSLProtocol -all +TLSv1.2

Completely modify the given line as below:

SSLProtocol -all +TLSv1.2 +TLSv1.3

Then, restart the Apache webserver to apply changes:

systemctl restart httpd.service

For additional resources on installing Apache, read the post below:

Step 2. Verify your server is using TLS 1.3.

Once successfully enable TLS 1.3 on your web server, you should always cross-check that the configuration made are properly set. We want to introduce a couple of world-class tools which audit your server and give an accurate report.

  1. SSL Labs: SSL Lab is one of the free online services which performs a deep analysis of the SSL configurations of any web servers on the internet and shares the configuration gaps. Any buddy can utilize this service to fix the problem caught in the analysis report.
  2. DigiCert: DigiCert is another popular online service that offers similar services to SSL Labs.

Congratulations! You have successfully enabled TLS 1.3. Thanks for using this tutorial for enabling Enable TLS 1.3 on your Linux system.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button