How to Configure SSL Protocols in Nginx for Secure Connections

To configure SSL protocols in Nginx, use the ssl_protocols directive inside the server or http block to specify the allowed TLS versions. For example, ssl_protocols TLSv1.2 TLSv1.3; enables only TLS 1.2 and TLS 1.3. The directive controls which SSL/TLS versions Nginx accepts for secure connections.

Syntax

The ssl_protocols directive sets which SSL/TLS protocol versions Nginx will accept for HTTPS connections.

It is placed inside the http, server, or location block.

Example syntax:

  • ssl_protocols TLSv1.2 TLSv1.3; - Enables only TLS 1.2 and 1.3 protocols.
  • ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - Enables older TLS versions (not recommended).
nginx
ssl_protocols TLSv1.2 TLSv1.3;

Example

This example shows a minimal Nginx server block that enables only TLS 1.2 and TLS 1.3 protocols for SSL connections.

nginx
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        root /var/www/html;
        index index.html;
    }
}
Output
Nginx will accept HTTPS connections only using TLS 1.2 or TLS 1.3 protocols.

Common Pitfalls

Common mistakes when configuring ssl_protocols include:

  • Including deprecated protocols like SSLv3 or TLSv1, which are insecure and often blocked by browsers.
  • Not restarting or reloading Nginx after changes, so the new protocols don't take effect.
  • Setting ssl_protocols outside of the http, server, or location blocks, causing configuration errors.

Wrong example:

ssl_protocols SSLv3 TLSv1;

Right example:

ssl_protocols TLSv1.2 TLSv1.3;
nginx
ssl_protocols SSLv3 TLSv1;  # Wrong: insecure protocols

ssl_protocols TLSv1.2 TLSv1.3;  # Correct: secure protocols
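
The first pitfall can be checked mechanically before a reload. The following is an added example, not part of the original page: a shell function that scans Nginx configuration text for ssl_protocols directives enabling deprecated versions. The function name audit_ssl_protocols, the sample configuration and the host legacy.example.com are constructed for illustration, and the check assumes one directive per line.

```shell
#!/bin/sh
# Added example: audit Nginx configuration text for deprecated ssl_protocols values.
# audit_ssl_protocols is a hypothetical helper name; it reads config on stdin.
# Assumes each ssl_protocols directive sits on its own line.
# Exit status: 0 = only modern versions, 1 = deprecated version enabled,
#              2 = no directive found, so the built-in default applies.
audit_ssl_protocols() {
    awk '
    { sub(/#.*/, "") }                      # strip comments before matching
    $1 == "ssl_protocols" {
        found = 1; weak = ""
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)        # drop the terminating semicolon
            if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) weak = weak " " p
        }
        if (weak != "") { printf "line %d: WEAK%s\n", NR, weak; bad = 1 }
        else            { printf "line %d: OK\n", NR }
    }
    END {
        if (!found) { print "no ssl_protocols directive: built-in default applies"; exit 2 }
        exit bad + 0
    }'
}

# Constructed sample: a server block that overrides a safe http-level setting.
SAMPLE_CONF='http {
    ssl_protocols TLSv1.2 TLSv1.3;
    server {
        listen 443 ssl;
        server_name legacy.example.com;
        ssl_protocols SSLv3 TLSv1;  # overrides the http-level value
    }
    # ssl_protocols TLSv1.1;  (commented out, so ignored)
}'

printf '%s\n' "$SAMPLE_CONF" | audit_ssl_protocols ||
    echo "audit failed with status $?"

# On a live host, audit the full effective configuration, then apply and verify:
#   nginx -T 2>/dev/null | audit_ssl_protocols
#   nginx -t && nginx -s reload
#   openssl s_client -connect example.com:443 -tls1_1 </dev/null   # should fail
#   openssl s_client -connect example.com:443 -tls1_2 </dev/null   # should succeed
```

Exit status 2 matters because a configuration with no ssl_protocols directive falls back to the built-in default, which on older Nginx releases still includes TLSv1 and TLSv1.1.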

Quick Reference

| Directive | Description | Example |
|---|---|---|
| ssl_protocols | Sets allowed SSL/TLS versions | ssl_protocols TLSv1.2 TLSv1.3; |
| ssl_certificate | Path to SSL certificate file | ssl_certificate /etc/nginx/ssl/example.com.crt; |
| ssl_certificate_key | Path to SSL private key file | ssl_certificate_key /etc/nginx/ssl/example.com.key; |
| listen 443 ssl | Enables SSL on port 443 | listen 443 ssl; |

Key Takeaways

  • Use the ssl_protocols directive inside http or server blocks to specify allowed TLS versions.
  • Only enable secure protocols like TLSv1.2 and TLSv1.3 to protect your site.
  • Avoid deprecated protocols such as SSLv3, TLSv1, and TLSv1.1 as they are insecure.
  • Reload or restart Nginx after changing SSL settings to apply them.
  • Place ssl_protocols in the correct context to avoid configuration errors.