feat: Update the value of ssl_protocols. (#672)

y82 · web-flow · commit 1f9fdcc2424e · 2025-06-12T10:49:42.000+01:00
diff --git a/content/nginx/admin-guide/load-balancer/http-load-balancer.md b/content/nginx/admin-guide/load-balancer/http-load-balancer.md
@@ -427,7 +427,7 @@ http {
         listen              443 ssl;
         ssl_certificate     /etc/nginx/ssl/company.com.crt;
         ssl_certificate_key /etc/nginx/ssl/company.com.key;
-        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+        ssl_protocols       TLSv1.2 TLSv1.3;
 
         location / {
             proxy_pass         https://exchange;
diff --git a/content/nginx/admin-guide/mail-proxy/mail-proxy.md b/content/nginx/admin-guide/mail-proxy/mail-proxy.md
@@ -166,7 +166,7 @@ To enable SSL/TLS for the mail proxy:
     ```nginx
     mail {
         #...
-        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_protocols TLSv1.2 TLSv1.3;
         ssl_ciphers   HIGH:!aNULL:!MD5;
     }
     ```
@@ -223,7 +223,7 @@ mail {
     ssl                 on;
     ssl_certificate     /etc/ssl/certs/server.crt;
     ssl_certificate_key /etc/ssl/certs/server.key;
-    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_protocols       TLSv1.2 TLSv1.3;
     ssl_ciphers         HIGH:!aNULL:!MD5;
     ssl_session_cache   shared:SSL:10m;
     ssl_session_timeout 10m;
diff --git a/content/nginx/admin-guide/security-controls/securing-http-traffic-upstream.md b/content/nginx/admin-guide/security-controls/securing-http-traffic-upstream.md
@@ -77,7 +77,7 @@ Optionally, you can specify which SSL protocols and ciphers are used:
 ```nginx
 location /upstream {
         #...
-        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        proxy_ssl_protocols TLSv1.2 TLSv1.3;
         proxy_ssl_ciphers   HIGH:!aNULL:!MD5;
 }
 ```
@@ -133,7 +133,7 @@ http {
             proxy_pass                    https://backend.example.com;
             proxy_ssl_certificate         /etc/nginx/client.pem;
             proxy_ssl_certificate_key     /etc/nginx/client.key;
-            proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
+            proxy_ssl_protocols           TLSv1.2 TLSv1.3;
             proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
             proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt;
 
diff --git a/content/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream.md b/content/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream.md
@@ -58,7 +58,7 @@ Optionally, specify which SSL protocols and ciphers to use:
 ```nginx
 server {
         ...
-        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        proxy_ssl_protocols TLSv1.2 TLSv1.3;
         proxy_ssl_ciphers   HIGH:!aNULL:!MD5;
 }
 ```
@@ -98,7 +98,7 @@ stream {
 
         proxy_ssl_certificate         /etc/ssl/certs/backend.crt;
         proxy_ssl_certificate_key     /etc/ssl/certs/backend.key;
-        proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
+        proxy_ssl_protocols           TLSv1.2 TLSv1.3;
         proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
         proxy_ssl_trusted_certificate /etc/ssl/certs/trusted_ca_cert.crt;
 
diff --git a/content/nginx/admin-guide/security-controls/terminating-ssl-http.md b/content/nginx/admin-guide/security-controls/terminating-ssl-http.md
@@ -22,7 +22,7 @@ server {
     server_name         www.example.com;
     ssl_certificate     www.example.com.crt;
     ssl_certificate_key www.example.com.key;
-    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_protocols       TLSv1.2 TLSv1.3;
     ssl_ciphers         HIGH:!aNULL:!MD5;
     #...
 }
@@ -39,10 +39,10 @@ In this case it is important to restrict access to the file. Note that although
 
 The [ssl_protocols](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols) and [ssl_ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers ) directives can be used to require that clients use only the strong versions and ciphers of SSL/TLS when establishing connections.
 
-Since version 1.9.1, NGINX uses these defaults:
+Since version 1.23.4, NGINX uses these defaults:
 
 ```nginx
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers HIGH:!aNULL:!MD5;
 ```
 
@@ -118,7 +118,7 @@ http {
 
         ssl_certificate     www.example.com.crt;
         ssl_certificate_key www.example.com.key;
-        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+        ssl_protocols       TLSv1.2 TLSv1.3;
         ssl_ciphers         HIGH:!aNULL:!MD5;
         #...
     }
diff --git a/content/nginx/admin-guide/security-controls/terminating-ssl-tcp.md b/content/nginx/admin-guide/security-controls/terminating-ssl-tcp.md
@@ -62,7 +62,7 @@ Additionally, the [ssl_protocols](https://nginx.org/en/docs/stream/ngx_stream_ss
 ```nginx
 server {
     #...
-    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
+    ssl_protocols  TLSv1.2 TLSv1.3;
     ssl_ciphers    HIGH:!aNULL:!MD5;
 }
 ```
@@ -152,7 +152,7 @@ stream {
 
         ssl_certificate       /etc/ssl/certs/server.crt;
         ssl_certificate_key   /etc/ssl/certs/server.key;
-        ssl_protocols         SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+        ssl_protocols         TLSv1.2 TLSv1.3;
         ssl_ciphers           HIGH:!aNULL:!MD5;
         ssl_session_cache     shared:SSL:20m;
         ssl_session_timeout   4h;
diff --git a/content/nginx/deployment-guides/load-balance-third-party/microsoft-exchange.md b/content/nginx/deployment-guides/load-balance-third-party/microsoft-exchange.md
diff --git a/content/nginx/deployment-guides/migrate-hardware-adc/f5-big-ip-configuration.md b/content/nginx/deployment-guides/migrate-hardware-adc/f5-big-ip-configuration.md
diff --git a/content/nginx/fips-compliance-nginx-plus.md b/content/nginx/fips-compliance-nginx-plus.md
