How to enable TLS 1.2 and TLS 1.3 in Linux?
Have you been wondering how to enable TLS 1.2 and TLS 1.3 in Linux?
TLS (Transport Layer Security) is a cryptographic protocol that provides secure communication over the internet. It is used to establish secure connections between clients and servers, and it is used to encrypt data transmitted between them. There are several versions of TLS, with TLS 1.0, 1.2, and 1.3 being the most commonly used. In this article, we will show you how to enable TLS 1.2 and 1.3 in Linux.
To disable TLS 1.0 and enable TLS 1.2 and 1.3 in Linux, you will need to edit the configuration files of your web server software. The exact steps will vary depending on the web server software you are using. Here are the steps for some common web servers:
Related: How to enable TLS 1.2 and TLS 1.3 in Plesk panel
How to enable TLS 1.2 and TLS 1.3 in Apache
- Open the Apache configuration file in a text editor. The file is usually located at /etc/apache2/apache2.conf.
- Add the following lines to the configuration file:
SSLProtocol all -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
- Save the configuration file and restart Apache.
How to enable TLS 1.2 and TLS 1.3 in Nginx
- Open the Nginx configuration file in a text editor. The file is usually located at /etc/nginx/nginx.conf.
- Add the following lines to the configuration file:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
- Save the configuration file and restart Nginx.
How to enable TLS 1.2 and TLS 1.3 in Lighttpd
- Open the Lighttpd configuration file in a text editor. The file is usually located at /etc/lighttpd/lighttpd.conf.
- Add the following lines to the configuration file:
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECD
Disclosure: We may earn commission for purchases that are made by visitors on this site at no additional cost on your end. All information is for educational purposes and is not intended for financial advice. Read our affiliate disclosure.