• Home
  • |
  • Blog
  • |
  • How To Enable TLS 1.3 On Popular Web Servers?
How to Enable TLS 1.3 on popular Web Servers

Transport Layer Security plays a vital role in providing security for the data that flow on the internet. Its latest revision TLS 1.3 has a dramatic increase in performance compared to its predecessor 1.2. Its speed and security capabilities made it mandatory to use in today’s world. The main function of it is to provide an encrypted channel between the client (the web browser) and the server (the webserver) on a public platform like the internet. To set the secure encrypted channel it is required to configure TLS protocol at both ends. We have created a dedicated post that covers how to enable TLS 1.3 on popular web browsers. However, now we are going to cover how to enable TLS 1.3 on popular web servers in this article.

TLS 1.3 Supported Web Servers:

It’s important to learn the version of the webserver which supports TLS 1.3 before heading towards enabling TLS 1.3 on popular web servers.

  1. Apache v2.4.38 or above.
  2. Nginx v1.13 and above.
  3. Tomcat v9.0.13, and above.

Enable TLS 1.3 In Apache

To enable TLS 1.3 in Apache, you should be running apache version 2.4.38 or above.

  1. Login to your Apache web server.
  2. locate ssl.conf file under these directories.
  3. /etc/httpd/conf.d/
  4. or
  5. /etc/apache2/mods-available/
  6. Edit the ssl.conf file using your choice of text editors. We are using nano editor for demonstration purpose.
  7. Default configuration may look like this:
  8. SSLProtocols – all +TLSv1 +TLSv1.1 +TLSv1.2
  9. Append +TLSv1.3 to the line to enable TLS 1.3 in Nginix.
  10. SSLProtocols – all +TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3
  11. The above configuration will allow TLS 1, 1.1, 1.2, and 1.3.
  12. Save the file and restart Apache.
  13. $ sudo systemctl restart apache2

Enable TLS 1.3 In Nginx

You can enable TLS 1.3 in Nginx from version 1.13. Version below 1.13 doesn’t support TLS 1.3. First upgrade Nginx and enable TLS 1.3.

  1. Login to Nginx server.
  2. Edit the nginx.conf file using your choice of text editors. We are using nano editor for demonstration purpose.
  3. $ sudo nano /etc/nginx/nginx.conf
  4. Default configuration may look like this:
  5. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  6. Append TLSv1.3 to the line to enable TLS 1.3 in Nginix.
  7. ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  8. The above configuration will allow TLS 1, 1.1, 1.2, and 1.3.
  9. Save the file and restart Nginx.
  10. $ sudo systemctl restart nginx

Enable TLS 1.3 In Tomcat

  1. Open your Tomcat server.
  2. Edit the server.xml file in Tomcat.
  3. TOMCAT-HOME/conf/server.xml
  4. Add the connector with TLS protocol as below:
  5. <!– Define an SSL Coyote HTTP/1.1 Connector on port 8443 –>
  6. <Connector
  7.            protocol=”org.apache.coyote.http11.Http11AprProtocol”
  8.            port=”8443″ maxThreads=”200″
  9.            scheme=”https” secure=”true” SSLEnabled=”true”
  10.            SSLCertificateFile=”/usr/local/ssl/server.crt”
  11.            SSLCertificateKeyFile=”/usr/local/ssl/server.pem”
  12.            SSLVerifyClient=”optional” SSLProtocol=”TLSv1+TLSv1.1+TLSv1.2+TLSv1.3“/>
  13. Restart your Tomcat.
  14. $ sudo systemctl restart identity_tomcat.service

How To Verify Your Server Is Using TLS 1.3?

After enabling the TLS 1.3 on your web server, you chould always cross check the configuration made are properly set. We want to introduce a couple of world class tools which audits your server and gives accurate report.

  1. SSL Labs: SSL Lab is one of the free online service which performs a deep analysis about the SSL configurations of any web servers on the internet and shares the configuration gaps. Any buddy can utilise this service to fix the problem caught in the analysis report.
  2. DigiCert: DigiCert is another popular online service which offers similar service as like as SSL Labs.

These two are the all-time favourite services we use oftentimes to make sure SSL/TLS configurations on our web servers are meeting standards.
That’s all about this article. Thanks for reading this article. Please read more such interesting articles here below:

About the author

Arun KL

To know more about me. Follow me on LinkedIn Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.