In Nginx revers proxy unable to disable TLS1
mdounin at mdounin.ru
Mon Dec 3 14:13:31 UTC 2018
On Sat, Dec 01, 2018 at 01:02:19AM -0500, blason wrote:
> Hi Team,
> I have deployed nginx in reverse proxy mode and trying to disable TLS1
> and1.1 in configuation file but somehow it still shows when site is scanned
> by SSLlabs.
> Any idea why?
> nginx version: nginx/1.10.1
> ssl_prefer_server_ciphers On;
> ssl_protocols TLSv1.2;
> ssl_dhparam /etc/ssl/stest.pem;
Make sure you change ssl_protocols in the right context. It is
not possible to change enabled SSL protocols in a SNI-based
virtual server, so you have to define the "ssl_protocols"
directive in the default server for the listening socket. Most
simple solution would be define "ssl_protocols" in the "http"
context, so it will be used for all servers.
More information about the nginx