![\"How](\"https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2023\/06\/How-to-Enable-TLS-1.3-in-Apache-and-Nginx-on-Ubuntu-and-CentOS-1024x768.jpg\")
<\/p>\n<\/p>\n
It’s crucial for webmasters and server administrators to stay updated with the latest protocols and technologies. One such technology is Transport Layer Security<\/a> (in short – TLS) 1.3, the most recent version of the protocol that ensures secure communication over a computer network.<\/p>\n TLS 1.3 offers several improvements over its predecessor, TLS 1.2, including enhanced security and faster connection times. However, enabling it requires careful configuration of your web server. Whether you’re using Apache<\/a> or Nginx<\/a>, this guide will walk you through the process of enabling TLS 1.3 in Apache and Nginx on two popular Linux distributions (Ubuntu<\/a> and CentOS<\/a>) step by step.<\/p>\n Before we dive into the tutorial, it’s important to note that this guide assumes you have a basic understanding of Linux command line interface and you’re familiar with web server administration. You should also have already installed Apache or Nginx on your Ubuntu or CentOS server. If you’re still in the process of choosing a web server, you can refer to our guide on the best web servers<\/a>.<\/p>\n Remember, the type of hosting you choose can also impact your server’s performance. Whether it’s dedicated server<\/a>, VPS server<\/a>, cloud hosting<\/a>, or shared hosting<\/a>, each has its own advantages and considerations.<\/p>\n Now, let’s get started with enabling TLS 1.3 on your Apache or Nginx server.<\/p>\n Before we start, it’s important to ensure that your server’s software is up to date. TLS 1.3 support was added in Apache 2.4.36, and OpenSSL<\/a> 1.1.1, so you’ll need to be running these versions or later.<\/p>\n First, log in to your Ubuntu server and update the system packages. You can do this by running the following commands:<\/p>\n Next, check your Apache and OpenSSL versions to ensure they support TLS 1.3. Run the following commands:<\/p>\n If your Apache version is earlier than 2.4.36 or your OpenSSL version is earlier than 1.1.1, you’ll need to update them.<\/p>\n If you need to update Apache, run:<\/p>\n To update OpenSSL, run:<\/p>\n Once you’ve confirmed that your Apache and OpenSSL versions support TLS 1.3, you’ll need to configure Apache to use it. Open the Apache configuration file in a text editor. The location of this file may vary depending on your setup, but it’s typically located at \/etc\/apache2\/apache2.conf. You can open it with the nano text editor like so:<\/p>\n In the configuration file, find the section that begins with <VirtualHost *:443>. In this section, add or modify the SSLProtocol line to include TLSv1.3:<\/p>\n This line tells Apache to use all protocols except for SSLv2, SSLv3, TLSv1, and TLSv1.1, and to specifically use TLSv1.2 and TLSv1.3.<\/p>\n Save and close the file when you’re done.<\/p>\n Finally, you’ll need to restart Apache for your changes to take effect. You can do this with the following command:<\/p>\n Congratulations! You’ve successfully enabled TLS 1.3 in Apache on Ubuntu.<\/p>\n The process of enabling TLS 1.3 in Apache on CentOS is similar to Ubuntu, but with a few differences due to the different package management systems and default configurations.<\/p>\n As with Ubuntu, the first step is to update your system packages. On CentOS, you can do this with the following commands:<\/p>\n Next, check your Apache and OpenSSL versions to ensure they support TLS 1.3. Run the following commands:<\/p>\n If your Apache version is earlier than 2.4.36 or your OpenSSL version is earlier than 1.1.1, you’ll need to update them.<\/p>\n If you need to update Apache, run:<\/p>\n To update OpenSSL, run:<\/p>\n Once you’ve confirmed that your Apache and OpenSSL versions support TLS 1.3, you’ll need to configure Apache to use it. Open the Apache configuration file in a text editor. The location of this file may vary depending on your setup, but it’s typically located at \/etc\/httpd\/conf\/httpd.conf. You can open it with the nano text editor like so:<\/p>\n In the configuration file, find the section that begins with <VirtualHost *:443>. In this section, add or modify the SSLProtocol line to include TLSv1.3:<\/p>\n This line tells Apache to use all protocols except for SSLv2, SSLv3, TLSv1, and TLSv1.1, and to specifically use TLSv1.2 and TLSv1.3.<\/p>\n Save and close the file when you’re done.<\/p>\n Finally, you’ll need to restart Apache for your changes to take effect. You can do this with the following command:<\/p>\n Congratulations! You’ve successfully enabled TLS 1.3 in Apache on CentOS.<\/p>\n Now that we’ve covered Apache, let’s move on to enabling TLS 1.3 in Nginx. We’ll start with Ubuntu.<\/p>\n As always, start by updating your system packages. On Ubuntu, you can do this with the following commands:<\/p>\n Next, check your Nginx and OpenSSL versions to ensure they support TLS 1.3. Run the following commands:<\/p>\n If your Nginx version is earlier than 1.13.0 or your OpenSSL version is earlier than 1.1.1, you’ll need to update them.<\/p>\n If you need to update Nginx, run:<\/p>\n To update OpenSSL, run:<\/p>\n Once you’ve confirmed that your Nginx and OpenSSL versions support TLS 1.3, you’ll need to configure Nginx to use it. Open the Nginx configuration file in a text editor. The location of this file may vary depending on your setup, but it’s typically located at \/etc\/nginx\/nginx.conf. You can open it with the nano text editor like so:<\/p>\n In the configuration file, find the section that begins with server { and includes listen 443 ssl;. In this section, add or modify the ssl_protocols line to include TLSv1.3:<\/p>\n This line tells Nginx to use TLSv1.2 and TLSv1.3.<\/p>\n Save and close the file when you’re done.<\/p>\n Finally, you’ll need to restart Nginx for your changes to take effect. You can do this with the following command:<\/p>\n Congratulations! You’ve successfully enabled TLS 1.3 in Nginx on Ubuntu.<\/p>\n Finally, let’s cover how to enable TLS 1.3 in Nginx on CentOS.<\/p>\n Start by updating your system packages. On CentOS, you can do this with the following commands:<\/p>\n Next, check your Nginx and OpenSSL versions to ensure they support TLS 1.3. Run the following commands:<\/p>\n If your Nginx version is earlier than 1.13.0 or your OpenSSL version is earlier than 1.1.1, you’ll need to update them.<\/p>\n If you need to update Nginx, run:<\/p>\n To update OpenSSL, run:<\/p>\n Once you’ve confirmed that your Nginx and OpenSSL versions support TLS 1.3, you’ll need to configure Nginx to use it. Open the Nginx configuration file in a text editor. The location of this file may vary depending on your setup, but it’s typically located at \/etc\/nginx\/nginx.conf. You can open it with the nano text editor like so:<\/p>\n In the configuration file, find the section that begins with server { and includes listen 443 ssl;. In this section, add or modify the ssl_protocols line to include TLSv1.3:<\/p>\n This line tells Nginx to use TLSv1.2 and TLSv1.3.<\/p>\n Save and close the file when you’re done.<\/p>\n Finally, you’ll need to restart Nginx for your changes to take effect. You can do this with the following command:<\/p>\n Congratulations! You’ve successfully enabled TLS 1.3 in Nginx on CentOS.<\/p>\n Throughout this tutorial, we’ve used several commands to update system packages, check and update Apache, Nginx, and OpenSSL versions, and configure and restart the web servers. Here’s a brief description of each command:<\/p>\n What is TLS 1.3 and why is it important?<\/p>\n \nTLS 1.3 is the latest version of the Transport Layer Security (TLS) protocol, which provides secure communication over a computer network. It offers several improvements over its predecessor, including enhanced security and faster connection times. Enabling TLS 1.3 on your web server can help protect against certain types of attacks and improve your website’s performance.<\/span>\n<\/p>\n<\/li>\n How can I check if TLS 1.3 is enabled on my server?<\/p>\n \nYou can use an online TLS checker, such as the one provided by SSL Labs, to check if TLS 1.3 is enabled on your server. Simply enter your website’s URL and the tool will provide a detailed report on your server’s SSL\/TLS configuration, including the supported versions of the protocol.<\/span>\n<\/p>\n<\/li>\n What versions of Apache and Nginx support TLS 1.3?<\/p>\n \nTLS 1.3 support was added in Apache 2.4.36 and Nginx 1.13.0. You’ll need to be running these versions or later to enable TLS 1.3. Additionally, you’ll need to be running OpenSSL 1.1.1 or later, as this is the version of OpenSSL that added support for TLS 1.3.<\/span>\n<\/p>\n<\/li>\n I’ve followed the steps, but TLS 1.3 still isn’t working. What should I do?<\/p>\n \nFirst, double-check that you’ve followed all the steps correctly and that you’re running the necessary versions of Apache\/Nginx and OpenSSL. If everything seems correct, the issue may be with your server’s firewall or with your hosting provider. Contact your hosting provider’s support for assistance.<\/span>\n<\/p>\n<\/li>\n Can enabling TLS 1.3 improve my website’s SEO?<\/p>\n \nYes, enabling TLS 1.3 can potentially improve your website’s SEO. Google has indicated that HTTPS (which is enabled by TLS) is a ranking signal. Furthermore, because TLS 1.3 can make your website load faster, it can help improve user experience and reduce bounce rates, which can also positively impact your SEO.<\/span>\n<\/p>\n<\/li>\n<\/ol>\n In this comprehensive tutorial, we’ve walked through the process of enabling TLS 1.3 in both Apache and Nginx on Ubuntu and CentOS. By following these steps, you can ensure that your web server is using the latest and most secure version of the TLS protocol, thereby enhancing the security and performance of your website.<\/p>\n Remember, maintaining a secure and efficient web server requires ongoing effort. It’s important to regularly update your server’s software and to stay informed about the latest security protocols and technologies. Whether you’re using Apache<\/a>, Nginx<\/a>, or another web server, and whether your server is hosted on a dedicated server<\/a>, VPS server<\/a>, cloud hosting<\/a>, or shared hosting<\/a> platform, keeping your server’s software up to date is one of the most effective things you can do to protect against security threats.<\/p>\n We hope you found this guide helpful. If you have any further questions, don’t hesitate to reach out.<\/p>\n Happy hosting!<\/p>\n","protected":false},"excerpt":{"rendered":" It’s crucial for webmasters and server administrators to stay updated with the latest protocols and technologies. One such technology is Transport Layer Security (in short – TLS) 1.3, the most…<\/p>\n","protected":false},"author":6,"featured_media":16162,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[1103,2055,1014,1073],"tags":[1199,1244,1605,2083,1856],"class_list":["post-16161","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-apache","category-centos","category-nginx","category-ubuntu","tag-apache","tag-centos","tag-nginx","tag-tls","tag-ubuntu"],"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/16161","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/comments?post=16161"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/16161\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media\/16162"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media?parent=16161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/categories?post=16161"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/tags?post=16161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Enabling TLS 1.3 in Apache on Ubuntu<\/h2>\n
Step 1: Update Your System<\/h3>\n
\r\nsudo apt-get update\r\nsudo apt-get upgrade\r\n<\/pre>\n
Step 2: Check Apache and OpenSSL Version<\/h3>\n
\r\napachectl -v\r\nopenssl version\r\n<\/pre>\n
Step 3: Update Apache and OpenSSL (if necessary)<\/h3>\n
\r\nsudo apt-get install apache2\r\n<\/pre>\n
\r\nsudo apt-get install openssl\r\n<\/pre>\n
Step 4: Configure Apache to Use TLS 1.3<\/h3>\n
\r\nsudo nano \/etc\/apache2\/apache2.conf\r\n<\/pre>\n
\r\nSSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 +TLSv1.3\r\n<\/pre>\n
Step 5: Restart Apache<\/h3>\n
\r\nsudo systemctl restart apache2\r\n<\/pre>\n
Enabling TLS 1.3 in Apache on CentOS<\/h2>\n
Step 1: Update Your System<\/h3>\n
\r\nsudo yum update\r\nsudo yum upgrade\r\n<\/pre>\n
Step 2: Check Apache and OpenSSL Version<\/h3>\n
\r\nhttpd -v\r\nopenssl version\r\n<\/pre>\n
Step 3: Update Apache and OpenSSL (if necessary)<\/h3>\n
\r\nsudo yum install httpd\r\n<\/pre>\n
\r\nsudo yum install openssl\r\n<\/pre>\n
Step 4: Configure Apache to Use TLS 1.3<\/h3>\n
\r\nsudo nano \/etc\/httpd\/conf\/httpd.conf\r\n<\/pre>\n
\r\nSSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 +TLSv1.3\r\n<\/pre>\n
Step 5: Restart Apache<\/h3>\n
\r\nsudo systemctl restart httpd\r\n<\/pre>\n
Enabling TLS 1.3 in Nginx on Ubuntu<\/h2>\n
Step 1: Update Your System<\/h3>\n
\r\nsudo apt-get update\r\nsudo apt-get upgrade\r\n<\/pre>\n
Step 2: Check Nginx and OpenSSL Version<\/h3>\n
\r\nnginx -v\r\nopenssl version\r\n<\/pre>\n
Step 3: Update Nginx and OpenSSL (if necessary)<\/h3>\n
\r\nsudo apt-get install nginx\r\n<\/pre>\n
\r\nsudo apt-get install openssl\r\n<\/pre>\n
Step 4: Configure Nginx to Use TLS 1.3<\/h3>\n
\r\nsudo nano \/etc\/nginx\/nginx.conf\r\n<\/pre>\n
\r\nssl_protocols TLSv1.2 TLSv1.3;\r\n<\/pre>\n
Step 5: Restart Nginx<\/h3>\n
\r\nsudo systemctl restart nginx\r\n<\/pre>\n
Enabling TLS 1.3 in Nginx on CentOS<\/h2>\n
Step 1: Update Your System<\/h3>\n
\r\nsudo yum update\r\nsudo yum upgrade\r\n<\/pre>\n
Step 2: Check Nginx and OpenSSL Version<\/h3>\n
\r\nnginx -v\r\nopenssl version\r\n<\/pre>\n
Step 3: Update Nginx and OpenSSL (if necessary)<\/h3>\n
\r\nsudo yum install nginx\r\n<\/pre>\n
\r\nsudo yum install openssl\r\n<\/pre>\n
Step 4: Configure Nginx to Use TLS 1.3<\/h3>\n
\r\nsudo nano \/etc\/nginx\/nginx.conf\r\n<\/pre>\n
\r\nssl_protocols TLSv1.2 TLSv1.3;\r\n<\/pre>\n
Step 5: Restart Nginx<\/h3>\n
\r\nsudo systemctl restart nginx\r\n<\/pre>\n
Commands Mentioned<\/h2>\n
\n
FAQs<\/h2>\n
\n
Conclusion<\/h2>\n