Nginx has no TLSv1.2!???

Thu, Sep 24, 2015

Which is of course not true. Setting ssl_protocols to ssl_protocols TLSv1 TLSv1.1 TLSv1.2; will activate TLSv1, v1.1 and v1.2. So why am I writing this?

The documentation clearly states that ssl_protocols can be set in the context of http and server. Which is true. But you can set ssl_protocols only once per port. Sadly this is not mentioned in the documentation. I don’t know if Nginx stops after the first definition or takes the last definition, but that was exacly my problem. I had a server with multiple site-configurations on one port (aka vhosts on port 80). Since I was testing new configurations, I only enabled TLSv1.2 for one config… and nothing happend; only TLSv1 was possible. So the search began.

tl;dr: With Nginx you can define ssl_protocols only once per port. So it’s better to keep it in the nginx.conf or to create a separate ssl.conf with all the ssl parameters you need. Multiple protocols on one port are not possible.

Does anyone know whom to poke for changes in the docs? Please send me a note.