how to enable TLSv1.1 and TLSv1.2 on nginx Debian squeeze?
Solution 1
According to archive.org ( http://web.archive.org/web/20120116033748/http://nginx.org/en/docs/http/configuring_https_servers.html ) TLSv1.2 support was added between january and february 2012. Nginx 0.7.67 is from 2010.
You might want to use the backport of nginx 1.2 ( http://packages.debian.org/search?keywords=nginx ) and you almost certainly want to look into upgrading the OS :P
Solution 2
openssl @ squeeze is: OpenSSL 0.9.8o 01 Jun 2010, but you'll need 1.0.1x, so you'll have download openssl-sources and tell nginx @ compile-time which version to use:
./configure ... --with-http_ssl_module \
--with-openssl=/path/to/openssl_source/ ...
i wouldnt recommend to update the system's openssl-packages from backports et al.
Related videos on Youtube
11 : 59
02 : 47
56 : 39
04 : 20
02 : 27
Gon
Updated on September 18, 2022Comments
-
Gon almost 2 years
For security I have to setup a nginx server with TLSv1.1 or TLS v1.2. By default, nginx configuresTLSv1.
Reading the documentation I see that nginx has to set the following directive:
ssl_protocols TLSv1.1 TLSv1.2;http://nginx.org/en/docs/http/configuring_https_servers.html
But when I run the command:
# /etc/init.d/nginx configtestFollowing message appears:
Testing nginx configuration: [warn]: invalid value "TLSv1.1" in /etc/nginx/nginx.conf: 175 configuration file /etc/nginx/nginx.conf test failedIs documentation lies?
platform is Debian Squeeze and nginx version is 0.7.67
thanks
-
Gon almost 11 yearsThanks for responding Apart from updating nginx, would need to update the openssl package or version already supports 0.9.8o TLSv1.1 and TLSv1.2?
-
Michael Hampton almost 11 years@Gon At this point squeeze is so ancient you're almost certainly better off rebuilding the server on an up-to-date distribution, which Debian almost never is.