Nginx – Enable TLS 1.3 Protocol



Since Nginx 1.13 (a while ago, now), support has been added for TLSv1.3, the latest version of the TLS protocol.

Enable TLSv1.3 in Nginx

We are going to assume you already have a working TLS configuration. It will include a configuration like the following:

...
ssl_protocols               TLSv1.1 TLSv1.2;
ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers   on;
ssl_ecdh_curve              secp384r1;
...
And quite a few more parameters.

To enable TLS 1.3, add TLSv1.3 to the ssl_protocols list.

ssl_protocols               TLSv1.1 TLSv1.2 TLSv1.3;

And reload your Nginx configuration.

Test if your Nginx version supports TLS 1.3

After adding the configuration shown above, test it with nginx -t before reloading.

$ nginx -t
nginx: [emerg] invalid value "TLSv1.3" in /etc/nginx/conf.d/ma.ttias.be.conf:34
nginx: configuration file /etc/nginx/nginx.conf test failed

If you see the message above, your Nginx version doesn't support TLS 1.3. A working configuration produces this instead:

$ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If you don't see any errors, your Nginx version supports TLS 1.3.

TLS 1.3: Improved Performance and Security

Performance-wise, TLS 1.2 needs two round trips to establish an HTTPS connection.

With TLS 1.3, only one round trip is required. TLS 1.3 also supports a zero round trip mode (0-RTT session resumption), allowing clients that have previously connected to your website to send their HTTP request in the very first message to the server. This makes a big difference for users on mobile networks or at distant locations.


In terms of security, TLS 1.3 removed support for old cipher suites, so the recommended ones, for both TLS 1.2 and TLS 1.3, are the following:

ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;

This enables the TLS 1.3 cipher suites (the names beginning with TLS13-) as well as, for TLS 1.2, AES CBC/GCM with 128/256-bit keys, CHACHA20, ECDSA/RSA and EECDH.

The cipher suites needed for TLS 1.3 are the following:

  • TLS13-CHACHA20-POLY1305-SHA256
  • TLS13-AES-256-GCM-SHA384
  • TLS13-AES-128-GCM-SHA256

Or, under the alternative naming:

  • TLS-CHACHA20-POLY1305-SHA256
  • TLS-AES-256-GCM-SHA384
  • TLS-AES-128-GCM-SHA256
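To check the two edits described on this page (TLSv1.3 present in ssl_protocols, TLS 1.3 suites present in ssl_ciphers) without a running Nginx, here is a small audit script. It is an added example written for this page, not code from the Nginx project or from the original article; the server block it parses is a constructed sample, and the choice to flag TLSv1.1 and older as deprecated is this script's own policy, not something the page states. It recognises TLS 1.3 suites by both naming forms listed above (TLS13- and TLS-).

```python
import re

# Constructed sample of an nginx server block (not a file from the page),
# containing the protocol and cipher settings discussed in the article.
SAMPLE_CONFIG = """
server {
    listen 443 ssl;
    ssl_protocols               TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers                 TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
    ssl_prefer_server_ciphers   on;
}
"""

# Protocol versions this audit treats as deprecated (script's own policy).
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Both TLS 1.3 suite naming forms listed on the page.
TLS13_PREFIXES = ("TLS13-", "TLS-")


def directive_values(config, name):
    """Return the whitespace-split arguments of the first `name` directive,
    or an empty list if the directive is absent."""
    pattern = r"^\s*" + re.escape(name) + r"\s+([^;]+);"
    match = re.search(pattern, config, re.MULTILINE)
    if not match:
        return []
    # Strip optional surrounding quotes nginx allows around a value.
    return [v.strip("\"'") for v in match.group(1).split()]


def audit(config):
    """Summarise the TLS protocol and cipher configuration of a server block."""
    protocols = directive_values(config, "ssl_protocols")
    cipher_args = directive_values(config, "ssl_ciphers")
    # ssl_ciphers takes a single colon-separated OpenSSL cipher string.
    ciphers = cipher_args[0].split(":") if cipher_args else []
    tls13_ciphers = [c for c in ciphers if c.startswith(TLS13_PREFIXES)]
    tls12_ciphers = [c for c in ciphers if c not in tls13_ciphers]
    return {
        "tls13_enabled": "TLSv1.3" in protocols,
        "deprecated_protocols": sorted(DEPRECATED_PROTOCOLS & set(protocols)),
        "tls13_ciphers": tls13_ciphers,
        "tls12_ciphers": tls12_ciphers,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Running it against the sample reports TLS 1.3 enabled, TLSv1.1 still present (so worth dropping from the list once no client needs it), three TLS 1.3 suites and three TLS 1.2 suites. Note that the script only reads the directives; whether the linked OpenSSL actually accepts TLSv1.3 is still decided by nginx -t as shown above.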