To configure Nginx to use TLS 1.2 or 1.3 only, you can use the ssl_protocols directive in the Nginx configuration.
For example, to allow only TLS 1.2 connections, you can use the following configuration:
    server {
        listen 443 ssl;
        server_name example.com;
        ssl_certificate /path/to/ssl/certificate.pem;
        ssl_certificate_key /path/to/ssl/key.pem;
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
        location / {
            ...
        }
    }
To allow only TLS 1.3 connections, you can use the following configuration:
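    server {
        listen 443 ssl;
        server_name example.com;
        ssl_certificate /path/to/ssl/certificate.pem;
        ssl_certificate_key /path/to/ssl/key.pem;
        ssl_protocols TLSv1.3;
        # ssl_ciphers only governs TLS 1.2 and earlier; TLS 1.3 suites are set
        # through OpenSSL's Ciphersuites command (nginx 1.19.4 or later).
        ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384;
        location / {
            ...
        }
    }
In both cases, be sure to also restrict the cipher suites to strong ones that are supported by the chosen TLS version. The ssl_ciphers directive applies to TLS 1.2 and earlier; TLS 1.3 suites are not selected by it and are set with ssl_conf_command Ciphersuites instead.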
Remember to reload Nginx after making any changes to the configuration.
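One way to check a configuration against the settings above before reloading, as an added example that is not part of the original page: a small Python audit that reports protocols other than TLSv1.2/TLSv1.3 and TLS 1.3 suite names placed in ssl_ciphers, which in an OpenSSL-built Nginx does not select TLS 1.3 suites. The function names and the sample configuration are constructed for illustration, and only directives written directly inside a server block are checked.

```python
import re

ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
# RFC 8446 suite names; "TLS13-" is the pre-release OpenSSL spelling.
TLS13_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
                "TLS_AES_128_CCM_8_SHA256"}

def parse_servers(conf):
    """Return one {directive: [args]} dict per server block (server level only)."""
    conf = re.sub(r"#.*", "", conf)  # drop comments (a quoted '#' is not handled)
    servers, stack = [], []
    for stmt, delim in re.findall(r"([^;{}]*)([;{}])", conf):
        words = stmt.split()
        if delim == "{":
            stack.append(words[0] if words else "")
            if stack[-1] == "server":
                servers.append({})
        elif delim == "}" and stack:
            stack.pop()
        elif words and stack and stack[-1] == "server":
            servers[-1][words[0]] = words[1:]
    return servers

def audit(conf):
    """Return (server_name, finding) tuples for protocol and cipher problems."""
    findings = []
    for srv in parse_servers(conf):
        name = " ".join(srv.get("server_name", ["(unnamed)"]))
        protocols = set(srv.get("ssl_protocols", []))
        legacy = sorted(protocols - ALLOWED_PROTOCOLS)
        if not protocols:
            findings.append((name, "ssl_protocols not set here; inherited or default applies"))
        elif legacy:
            findings.append((name, "legacy protocols enabled: " + " ".join(legacy)))
        for cipher in ":".join(srv.get("ssl_ciphers", [])).split(":"):
            if cipher in TLS13_SUITES or cipher.upper().startswith("TLS13-"):
                findings.append((name, "ssl_ciphers does not select TLS 1.3 suites: " + cipher))
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """
server { server_name old.example.com; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
server { server_name new.example.com; ssl_protocols TLSv1.3;
         ssl_ciphers TLS13-AES-256-GCM-SHA384; location / { return 204; } }
server { server_name ok.example.com; ssl_protocols TLSv1.2 TLSv1.3;
         ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; }
"""
if __name__ == "__main__":
    print("\n".join(f"{server}: {finding}" for server, finding in audit(SAMPLE)))
```

Passing the output of `nginx -T` to audit() covers every included file; a block reported as "not set here" takes its value from the http level or the built-in default.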