How to Enable TLS 1.3 on Popular Web Servers? (2024)

Transport Layer Security plays a vital role in providing security for the data that flow on the internet. Its latest revisionTLS 1.3, has a dramatic increase in performance compared to its predecessor 1.2. Its speed and security capabilities made it mandatory to use in today’s world. Its main function of it is to provide an encrypted channel between the client (the web browser) and the server (the web server) on a public platform like the internet. To set the secure encrypted channel, it is required to configure the TLS protocol at both ends. We have created a dedicated post that covers how toenable TLS 1.3 on popular web browsers. However, now we are going to cover how to enable TLS 1.3 on popular web servers in this article.

Table of Contents

· TLS 1.3 Supported Web Servers:

· Enable TLS 1.3 in Apache

· Enable TLS 1.3 in Nginx

· Enable TLS 1.3 in Tomcat

· How to Verify Your Server is Using TLS 1.3?

TLS 1.3 Supported Web Servers:

It’s important to learn the version of the webserver which supports TLS 1.3 before heading towards enabling TLS 1.3 on popular web servers.

Apachev2.4.38 or above.
Nginxv1.13 and above.
Tomcatv9.0.13, and above.

Enable TLS 1.3 in Apache

To enable TLS 1.3 in Apache, you should be running apache version 2.4.38 or above.

Enable TLS 1.3 in Nginx

You can enable TLS 1.3 in Nginx from version 1.13. The version below 1.13 doesn’t support TLS 1.3. First, upgrade Nginx and enable TLS 1.3.

Login to the Nginx server.
Edit thenginx.conffile using your choice of text editors. We are using nano editor for demonstration purposes.
$ sudo nano /etc/nginx/nginx.conf
The default configuration may look like this:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Append TLSv1.3 to the line to enable TLS 1.3 in Nginix.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
The above configuration will allow TLS 1, 1.1, 1.2, and 1.3.
Save the file and restart Nginx.
$ sudo systemctl restart nginx

Enable TLS 1.3 in Tomcat

Open your Tomcat server.
Edit theserver.xmlfile in Tomcat.
TOMCAT-HOME/conf/server.xml
Add the connector with TLS protocol as below:
<!– Define an SSL Coyote HTTP/1.1 Connector on port 8443 –>
<Connector
protocol=”org.apache.coyote.http11.Http11AprProtocol”
port=”8443″ maxThreads=”200″
scheme=”https” secure=”true” SSLEnabled=”true”
SSLCertificateFile=”/usr/local/ssl/server.crt”
SSLCertificateKeyFile=”/usr/local/ssl/server.pem”
SSLVerifyClient=”optional” SSLProtocol=”TLSv1+TLSv1.1+TLSv1.2+TLSv1.3“/>
Restart your Tomcat.
$ sudo systemctl restart identity_tomcat.service

How to Verify Your Server is Using TLS 1.3?

After enabling TLS 1.3 on your web server, you should always cross-check check the configuration made are properly set. We want to introduce a couple of world-class tools which audit your server and give an accurate report.

SSL Labs:SSL Labis one of the free online services which performs a deep analysis of the SSL configurations of any web servers on the internet and shares the configuration gaps. Any buddy can utilize this service to fix the problem caught in the analysis report.
DigiCert:DigiCertis another popular online service that offers similar services as like SSL Labs.

These two are the all-time favorite services we often use to ensure SSL/TLS configurations on our web servers are meeting standards.

This post is originally published atthesecmaster.com.

We thank everybody who has been supporting our work and request you check outthesecmaster.comfor more such articles.