Securing NGINX - Debian/Ubuntu

Step 3 - Securing the NGINX SSL/TLS Environment

Securing the NGINX SSL/TLS Environment

Another option is to add or remove SSL/TLS Protocols - We highly recommend not to use SSLv2, SSLv3 and TLSv1 since were deprecated a while ago! If you can use TLSv1.2 at a minimum. In this procedure we will also include support for TLSv1.3 as per RFC 8446.

Protocol Support
    TLSv1.0 <--- Do not use!!!
    TLSv1.1 <--- Do not use!!!
    TLSv1.2 <--- We will score 100% on all areas but Cipher Strength will be 90% To acheive 100 % on all tests, remove 128 bit cipher support. (Caution for removing 128 Bit Cipher Support)
    TLSv1.3 (Experimental) <--- Same result for TLSv1.2 - NIST Revised TLSv1.3 Standard