In Apache HTTP , Nginx and Security Last updated:
Share on:
Cloudways offers managed cloud hosting for any size business to host a website or complex web applications.

A step-by-step guide to enable the latest and test TLS version protocol 1.3

Before the implementation procedure, let’s take a look at what is TLS 1.3, how it differs from 1.2, history, and compatibility.

What is TLS 1.3?

TLS (transport layer security) 1.3 is based on the existing 1.2 specifications. It’s the latest TLS version protocol and aims to improve performance and security.

To learn more, refer to this post by Filippo.

Let’s take a look at the history of the TLS protocol.

TLS protocol can be enabled on Web Servers, CDN, Load Balancers, and network edge devices.

TLS 1.3 Browser Compatibility

1.3 is not supported in all the browsers yet. Currently, it works only with the latest version of Chrome, Firefox, Opera, and iOS Safari. If you are keen to implement as soon as it supports all the browsers, then bookmark this CanIUse page. Considering it is still at an early stage, you may want to enable 1.3 along with older version 1.2 and 1.1.

Check out how to enable it in the browser.

Here is TLS analytics for Geekflare. As you can see, more than 70% of requests over TLS 1.3.

Enable TLS 1.3 in Nginx

TLS 1.3 is supported starting from Nginx 1.13 version. If you are running the older version, then first, you got to upgrade.

I assume you have Nginx 1.13+

  • Login to Nginx server
  • Take a backup of nginx.conf file
  • Modify nginx.conf using vi or your favorite editor

The default configuration under SSL settings should look like this

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  • Add TLSv1.3 at the end of the line, and so it looks like below
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

Note: above configuration will allow TLS 1/1.1/1.2/1.3. If you want to enable the secure one TLS 1.2/1.3, then your configuration should look like this.

ssl_protocols TLSv1.2 TLSv1.3;
  • Restart the Nginx
service nginx restart

It’s easy. Isn’t it?

Enable TLS 1.3 in Apache

Starting from Apache HTTP 2.4.38, you can take advantage of TLS 1.3. If you are still using the older version, then you got to think of upgrading that first.

The configuration is easy and similar to how you enable TLS 1.2 or 1.1 protocol.

Let’s take a look…

  • Login to Apache HTTP server and take a backup or ssl.conf file or where you have SSL configuration
  • Locate SSLProtocol line and add +TLSv1.3 at the end of the line

Ex: the following would allow TLS 1.2 and TLS 1.3

SSLProtocol -all +TLSv1.2 +TLSv1.3
  • Save the file and restart Apache HTTP


One of the first CDN providers to implement TLS 1.3 support. Cloudflare enables it by default for all the websites.

However, if you need to disable or check, then here is how you can do it.

  • Login to Cloudflare
  • Go to SSL/TLS tab >> Edge certificates
  • Scroll down a bit, and you will see the TLS 1.3 option

What other Platform Support TLS 1.3?

I am aware of the following CDN.

  • CDN 77 –  Recently, they have announced to support from some of their POP (point of presence).
  • AKAMAI – AKAMAI has turned beta on network-wide.

How to Verify Site is Using TLS 1.3?

Once you’ve implemented through a web server or CDN, then next, you want to ensure your site is handshaking over TLS 1.3 protocol.

There are multiple ways to test it.

Geekflare TLS Test – quickly find out the supported TLS version.

SSL Labs – enter your HTTPS URL and scroll down on the test result page.

You will see what all protocols are enabled.

Google Chrome – if you are enabling on intranet sites, then you can test it right from the Chrome browser.

  • Launch Chrome
  • Open Developer Tools
  • Go to the Security tab
  • Access HTTPS URL
  • Left side, select the main origin to see the protocol

And there you go!

Considering TLS 1.3 is still new, you may implement it on your website but don’t forget to keep the older version-enabled. Having TLS 1.1, 1.2 enabled will ensure the client (browsers) can connect through other protocol versions if they are not compatible with 1.3

I hope this gives you an idea about implementing the latest TLS protocol to offer better website security.

Share on:
  • Chandan Kumar
    Chandan Kumar is a seasoned technology enthusiast and entrepreneur passionate about empowering businesses and individuals globally. As the founder of Geekflare, a leading technology publication, Chandan has spearheaded the development…

Thanks to our Sponsors

More great readings on Apache HTTP

Power Your Business

Some of the tools and services to help your business grow.
  • The text-to-speech tool that uses AI to generate realistic human-like voices.

    Try Murf AI
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.

    Try Brightdata
  • is an all-in-one work OS to help you manage projects, tasks, work, sales, CRM, operations, workflows, and more.

    Try Monday
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.

    Try Intruder