In Nginx revers proxy unable to disable TLS1

Maxim Dounin mdounin at
Mon Dec 3 14:13:31 UTC 2018


On Sat, Dec 01, 2018 at 01:02:19AM -0500, blason wrote:

> Hi Team,
> I have deployed nginx in reverse proxy mode and trying to disable TLS1
> and1.1 in configuation file but somehow it still shows when site is scanned
> by SSLlabs.
> Any idea why?
> nginx version: nginx/1.10.1
>         ssl_prefer_server_ciphers On;
>         ssl_protocols  TLSv1.2;
>         ssl_ciphers
>         ssl_dhparam /etc/ssl/stest.pem;

Make sure you change ssl_protocols in the right context.  It is 
not possible to change enabled SSL protocols in a SNI-based 
virtual server, so you have to define the "ssl_protocols" 
directive in the default server for the listening socket.  Most 
simple solution would be define "ssl_protocols" in the "http" 
context, so it will be used for all servers.

Maxim Dounin

More information about the nginx mailing list