How to Enable TLS 1.3 on Windows, Limux, Mac, Apache & NGINX

Enabling TLS 1.3 on various platforms and web servers requires different steps. Below is a step-by-step guide to enabling TLS 1.3 on Windows, Linux, Mac, Apache, and Nginx:


Please note that Windows already has TLS 1.3 support starting from Windows 10 version 20170, and Windows Server version 20170. All you have to do is ensure that your system is up-to-date.


To enable TLS 1.3 on Linux, you need to update OpenSSL to a version that supports TLS 1.3.

  • Check if your current OpenSSL version supports TLS 1.3:
    openssl version
  • If your OpenSSL version is 1.1.1 or higher, it likely already supports TLS 1.3. If not, update OpenSSL to the latest version.


Similar to Linux, macOS starting from macOS 10.14 supports TLS 1.3 through the updated version of OpenSSL. If your macOS version is 10.14 or newer, you should have TLS 1.3 support enabled by default.


To enable TLS 1.3 on the Apache web server, follow these steps:

  • Ensure you have a version of Apache that supports TLS 1.3. Apache 2.4.36 and later versions include support for TLS 1.3.
  • Open your Apache configuration file (httpd.conf or apache2.conf), usually located in /etc/apache2/ or /etc/httpd/.
  • Add the following line to enable TLS 1.3 support:
    SSLProtocol -all +TLSv1.3
  • Save the changes and restart the Apache server to apply the configuration:
    apachectl restart


To enable TLS 1.3 on Nginx, you need to use a version of Nginx that supports TLS 1.3 (Nginx 1.13.0 and later).

  • Open your Nginx configuration file (nginx.conf), often found in /etc/nginx/.
  • Locate the ssl_protocols directive within the http block and make sure it includes TLS 1.3:


    http {
    ssl_protocols TLSv1.2 TLSv1.3;
  • Save the changes and check the Nginx configuration for syntax errors:
    nginx -t
  • If the configuration test passes, reload Nginx to apply the changes:
    nginx -s reload

After following the steps for your respective platform and web server, TLS 1.3 should now be enabled and active. Remember to test your server’s SSL/TLS configuration using online tools or OpenSSL utilities to ensure TLS 1.3 is properly configured and working.


Source link