How to completely disable TLS v1 in Nginx?
Jan 26, 2019
One of my production web apps needs to pass compliance, and TLS v1 is not acceptable. I’m using the Nginx Docker image as my reverse proxy, and removing TLS v1 seems easy according to Google:
All articles suggest removing “TLS v1” from the nginx config file, and I did that, but it didn’t work.
After another hour of testing, here is the solution I found that worked:
In summary:
How to remove?
- remove TLS v1 from the nginx config file
- in the same file, add default_server to one of your server blocks: listen 443 ssl default_server;
How to test?
There are several ways of testing the configuration:
- From web UI: https://www.ssllabs.com/ssltest/analyze.html
- Using nmap:
nmap --script ssl-enum-ciphers -p 443 www.your-site.com
- Using openssl:
openssl s_client -connect www.your-site.com:443 -tls1 < /dev/null
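A small wrapper around the openssl check above, as an added example that is not part of the original post: it turns the s_client output into a verdict and separates a server that rejects TLS v1 from a local OpenSSL build that refuses to offer it, which would otherwise look like a pass. The function names and the sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the output of `openssl s_client ... -tls1`.
# Function names and sample transcripts are constructed for illustration.

# Reads s_client output on stdin; prints accepted | rejected | inconclusive.
tls1_verdict() {
    out=$(cat)
    case $out in
        # Local OpenSSL would not offer TLS 1.0: says nothing about the server.
        *"no protocols available"*) echo inconclusive ;;
        # No cipher was negotiated: the TLS 1.0 handshake did not complete.
        *"Cipher is (NONE)"*)       echo rejected ;;
        # A cipher name follows "Cipher is": TLS 1.0 is still enabled.
        *"Cipher is "*)             echo accepted ;;
        # Unknown option, connection refused, DNS failure and similar.
        *)                          echo inconclusive ;;
    esac
}

# Runs the post's openssl command against host ($1), port ($2, default 443).
check_tls1() {
    openssl s_client -connect "$1:${2:-443}" -tls1 </dev/null 2>&1 | tls1_verdict
}

# Constructed s_client excerpts (not captured from a real server).
SAMPLE_REJECTED='CONNECTED(00000003)
SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
New, (NONE), Cipher is (NONE)'
SAMPLE_ACCEPTED='CONNECTED(00000003)
New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
    Protocol  : TLSv1'
SAMPLE_CLIENT_REFUSED='CONNECTED(00000003)
SSL routines:tls_construct_client_hello:no protocols available
New, (NONE), Cipher is (NONE)'

# Stand-alone use: sh check_tls1.sh www.your-site.com [port]
if [ $# -gt 0 ]; then
    echo "TLS 1.0 on $1: $(check_tls1 "$@")"
fi
```

A result of accepted means nginx is still negotiating TLS v1 on that port; inconclusive means the check has to be repeated from a client whose OpenSSL can still offer TLS v1.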