How to Enable TLS 1.3 on NGINX

how to enable tls 13 nginx

TLS 1.3 (Transport Layer Security) is the latest TLS protocol that not only provides better security and data privacy but also improves website performance. Here are the steps to enable TLS 1.3 on NGINX.


How to Enable TLS 1.3 on NGINX

Here are the steps to enable TLS 1.3 on NGINX.

Although TLS 1.3 is supported since NGINX 1.13, most Linux distributions don’t have the required versions of OpenSSH and NGINX.

So please ensure you have the following to enable TLS 1.3 on NGINX:

  • NGINX version 1.13.0 built with OpenSSH 1.1.1 or later
  • Valid TLS or self-signed certificate. If you don’t have one, you can get it for free from LetsEncrypt.


1. Update NGINX configuration

Open NGINX config file in a text editor

$ sudo vim /etc/nginx/nginx.conf


Look for the following line that begins with ssl_protocols directive. For example,

ssl_protocols TLSv1.2

Update it to

ssl_protocols TLSv1.2 TLSv1.3


2. Reload NGINX configuration

Reload NGINX to apply changes

$ sudo systemctl reload nginx.service


Here’s a sample configuration for TLS 1.3

server {

 listen 443 ssl http2;
 listen [::]:443 ssl http2;

 root /var/www/;

 ssl_certificate /path/to/your/certificate.crt;
 ssl_certificate_key /path/to/your/private.key;

 ssl_protocols TLSv1.2 TLSv1.3;



3. Test TLS 1.3 configuration

To test TLS 1.3 configuration, open your browser’s dev tools or SSL Server Test tool and enter your domain name.

Here’s how the Security tab of browser tools will look like

tls13 browser dev tools


tls13 browser dev tools


About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!