zurassic
Published in

zurassic

How to completely disable TLS v1 from Nginx?

Photo by Dayne Topkin on Unsplash

How to remove?

  • remove TLS v1 from nginx config file
  • in the same file, add default_server to one of your server block: listen 443 ssl default_server;

How to test?

  1. From web UI: https://www.ssllabs.com/ssltest/analyze.html
  2. Using nmap: nmap — script ssl-enum-ciphers -p 443 www.your-site.com
  3. Using openssl: openssl s_client -connect www.your-site.com:443 -tls1 < /dev/null

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store