Upgrading TLS version to 1.3

TLS 1.3 provides a new way to encrypt the connection between the client and server, not only is this more secure, but way faster. This guide will show you how to update your current site to allow TLS1.3

Note: If you created your server after 13 January 2020 you will not have to do this on a server provisioned by ploi.io, this has been done automatically.

First, we will have to tell the main nginx.config file to define the specific TLS versions, you can run this command (run this command as root):

sed -i "s/ssl_protocols.*/ssl_protocols TLSv1.2 TLSv1.3;/" /etc/nginx/nginx.conf

Next edit your site NGINX configuration file, generally you can find this at /etc/nginx/sites-available/example.com.conf, remove the ssl_protocols .. part and replace it with this:

ssl_protocols TLSv1.2 TLSv1.3;

After this, restart NGINX:

service nginx restart

Next verify your TLS version via the inspector of your browser (generally called "Security" tab):

13 January 2020