Enable TLS Version 1.3 on Web Server.

TLS 1.3 released after a decade of TLS 1.2 and it took about 28 drafts to finally get define by IEFT(Internet Engineering Task Force).

TLS 1.3 has countless advantages over its predecessors, which is faster and more secure including a handshake and rebuild cipher suites.

Know everything about TLS 1.3 – Fast and more Secure than its previous versions.

Considering that TLS 1.3 is much faster and more secure, you may want to enable TLS 1.3 on your servers such as Nginx, Apache, Tomcat, Cloudflare and many more.

So, we would like to provide you with the steps on how to enable TLS 1.3 on Nginx, Apache, Tomcat, and Cloudflare.

Enable TLS 1.3 in Nginx

While enabling TLS 1.3 on Nginx, keep in mind that your Nginx version should be 1.13 and further.

It won’t support on Nginx version which is below 1.13. Kindly first upgrade your Nginx with version 1.13+.

• Login to your Nginx server (which should be Nginx version 1.13+)
• Take a backup of the nginx.conf file
• Modify the nginx.conf file using vi or your favorite editor

The default configuration should look like the below image under SSL settings.

• Add TLS 1.3 at the end of the line, and it will look like:

The above configuration will allow TLS 1/1.1/1.2/1.3.

If you wish to enable the secure TLS 1.2/1.3, then your configuration will look like:

• Lastly, just restart your Nginx.

Enable TLS 1.3 in Apache

While enabling TLS 1.3 on Apache, keep in mind that your Apache version should be 2.4.38 and further.

It won’t support on Apache version which is below 2.4.38, you simply must upgrade it first.

Let’s look at the steps….

• Login to your Apache HTTP server.
• Take a backup or ssl.conf file or where you have SSL configuration
• Locate the SSLProtocol line and add +TLS1.3 at the end of the line.

• Save the file and restart your Apache HTTP

Tomcat

• Open your Tomcat server
• Open your server.xml file in tomcat
• Add the connector with TLS protocol as below

<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/usr/local/ssl/server.crt"
           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
           SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2+TLSv1.3"/>

• Now, restart your Tomcat.

Cloudflare

Cloudflare enables it by default for all the websites. However, if you need to disable or check, then here is how you can do it.

• Login to your Cloudflare
• Go to the Crypto tab
• Scroll down a bit, and you will see the TLS 1.3 option.

How to Verify Site is Using TLS 1.3?

Below are some of the tools, which help you to check the supported TLS version that is enabled on your web server.

Here are a few tools to look out for:

SSL Labs– enter your HTTPS URL and scroll down on the test result page.

You will see what all protocols are enabled.

DigiCert’s SSL Installation Diagnostics Tool – enter your HTTPS URL in the Server Address box and make sure you check the box “Check for common vulnerabilities” and click on “Check Server”.

Conclusion:

As we keep our mobile application up-to-date similarly, we must keep the TLS protocol up-to-date. TLS 1.3 is much faster and more secure in terms of its predecessor. If you haven’t enabled the latest version of TLS, then its time for you to enable it now.

If you have any trouble or question regarding SSL, kindly contact us. We are Happy To Help!