Nginx - Disable SSL 2.0 and SSL 3.0

Last updated: 14/01/2016

This article explains how to disable the SSL 2.0 and SSL 3.0 protocols on your Nginx web server.

SSL 2.0 and SSL 3.0 are obsolete versions of the SSL protocol that have long since been superseded by the Transport Layer Security (TLS) protocol, which offers better security. In addition, an SSL 3.0 security flaw nicknamed POODLE was discovered in 2014, allowing an attacker to completely circumvent SSL security. You should disable those protocols on your Nginx web server for better security.

If you only need to modify one site, open the virtual hosts file for that site directly. Otherwise, find all SSL websites with the following command, executed in the root directory of your Nginx installation:

grep -r ssl_certificate *

This will list all SSL server blocks you need to modify.

Using vi or your favourite text editor, add or modify the following line in each server block that needs updating:

ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

Restart your webserver with the following command:

/etc/init.d/nginx restart
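
To confirm that every file found by the grep step was actually updated, the following script audits a configuration directory file by file. It is an added example, not part of the original article; the function names, sample files and certificate paths are constructed for illustration, and it assumes one directive per line.

```shell
#!/bin/sh
# Added example (not from the original article): per-file audit of ssl_protocols.
# Assumes one directive per line. For every file with an active ssl_certificate
# directive it prints:
#   WEAK    - an active ssl_protocols line still lists SSLv2 or SSLv3
#   MISSING - no active ssl_protocols line in the file; the value is inherited
#             from an enclosing block or the nginx default, so review by hand
#   OK      - ssl_protocols is set and lists neither SSLv2 nor SSLv3
audit_ssl_protocols() {
    { grep -rlE '^[[:space:]]*ssl_certificate[[:space:]]' "$1" || true; } |
    sort | while IFS= read -r f; do
        # Strip comments so a commented-out directive is not counted.
        active=$(sed 's/#.*//' "$f" |
                 grep -E '^[[:space:]]*ssl_protocols[[:space:]]' || true)
        if [ -z "$active" ]; then
            echo "MISSING $f"
        elif printf '%s\n' "$active" | grep -qE 'SSLv[23]([[:space:];]|$)'; then
            echo "WEAK $f"
        else
            echo "OK $f"
        fi
    done
}

# Constructed sample server blocks (hypothetical paths) covering the three cases.
make_samples() {
    printf 'server {\n  listen 443 ssl;\n  ssl_certificate /etc/ssl/a.crt;\n  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;\n}\n' > "$1/good.conf"
    printf 'server {\n  listen 443 ssl;\n  ssl_certificate /etc/ssl/b.crt;\n  ssl_protocols SSLv3 TLSv1;\n}\n' > "$1/weak.conf"
    printf 'server {\n  listen 443 ssl;\n  ssl_certificate /etc/ssl/c.crt;\n  # ssl_protocols TLSv1.2;\n}\n' > "$1/missing.conf"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_ssl_protocols "$demo_dir"
rm -rf "$demo_dir"
```

Call audit_ssl_protocols with the root directory of your Nginx installation after editing; running nginx -t before the restart checks the edited files for syntax errors.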