From 814f503556ec967cb9ac49a1d8d31dc333b699a4 Mon Sep 17 00:00:00 2001 From: Takuya Mukohira Date: Sat, 26 Feb 2022 14:32:43 +0900 Subject: [PATCH] Remove TLSv1 and TLSv1.1 and add TLSv1.3 In 2022, TLSv1 and TLSv1.1 is insecure. --- src/pages/kb/open-source/admin-guide/https-ssl-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/kb/open-source/admin-guide/https-ssl-setup.md b/src/pages/kb/open-source/admin-guide/https-ssl-setup.md index 1091d3de4..0a11fc080 100644 --- a/src/pages/kb/open-source/admin-guide/https-ssl-setup.md +++ b/src/pages/kb/open-source/admin-guide/https-ssl-setup.md @@ -48,7 +48,7 @@ server { ssl_certificate_key /path-to/cert.key; # Specifies that we don't want to use SSLv2 (insecure) or SSLv3 (exploitable) - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_protocols TLSv1.2 TLSv1.3; # Uses the server's ciphers rather than the client's ssl_prefer_server_ciphers on; # Specifies which ciphers are okay and which are not okay. List taken from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html