As you might well know, all major browsers are dropping TLS 1.0 and 1.1 support in 2020. If you have a website on a hosting service, you might not need to worry about this, since most of them will do it automatically without you even notice, but if you have your own server and you are your own sysadmin, you might need to know how to perform this changes by yourself.
NGINX
Open your Nginx config file within
1 |
$ sudo nano /etc/nginx/nginx.conf |
You should have a line similar to this one
1 |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
So you just need to remove TLSv1 and TLSv1.1 and then reload your nginx server.
1 |
$ sudo service nginx reload |
APACHE
Open your Apache config file
1 |
$ sudo nano /etc/httpd/conf.d |
Look for the SSL Protocol Support section that should look like this:
1 |
SSLProtocol all -SSLv2 -SSLv3 |
Change if for the following line:
1 |
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 |
Look for the SSL Ciphers line that should look like this
1 |
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA |
And change it for the following
1 |
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES |
Make sure that ciphers are being used
1 |
SSLHonorCipherOrder on |
Restart your server to apply the changes
1 |
$ sudo service httpd restart |