In today’s digital world, website security is more critical than ever. One of the key elements that protect your website’s data in transit is TLS (Transport Layer Security). Let’s understand what TLS is, why updating it is important, and how you can update the TLS version for Apache, Nginx, and Node.js.
🔐 What is TLS?
TLS (Transport Layer Security) is a cryptographic protocol that secures communication over the internet. It encrypts data exchanged between your website and the user’s browser to prevent tampering, eavesdropping, and man-in-the-middle attacks.
TLS replaced the older SSL (Secure Sockets Layer) protocol and is considered more secure and efficient.
💡 Why Update the TLS Version?
Older versions of TLS, like TLS 1.0 and TLS 1.1, have known vulnerabilities and are deprecated by all major browsers and compliance standards like PCI DSS. Most modern systems require TLS 1.2 or TLS 1.3.
🛡️ Benefits of Updating to TLS 1.2/1.3:
- ✅ Improved encryption strength
- ✅ Faster performance (especially with TLS 1.3)
- ✅ Better compatibility with modern browsers
- ✅ Required for PCI-DSS, HIPAA, and GDPR compliance
- ✅ Protects your users’ data and builds trust
🛠️ How to Update TLS Version
Below are step-by-step guides for updating the TLS version in Apache, Nginx, and Node.js.
🔧 Apache Web Server (httpd)
Step 1: Locate the SSL Configuration File
Typically found in:
/etc/httpd/conf.d/ssl.conf # CentOS/RHEL
/etc/apache2/sites-available/default-ssl.conf # Debian/UbuntuStep 2: Edit the File
Open it in a text editor:
sudo nano /etc/httpd/conf.d/ssl.confStep 3: Set TLS Protocol
Add or update this line:
SSLProtocol TLSv1.2 TLSv1.3⚠️ Remove older protocols like
SSLv3,TLSv1, andTLSv1.1.
Step 4: Restart Apache
sudo systemctl restart httpd # CentOS/RHEL
sudo systemctl restart apache2 # Ubuntu/DebianStep 5: Verify
Use openssl:
openssl s_client -connect yourdomain.com:443 -tls1_3🌐 Nginx Web Server
Step 1: Locate Nginx SSL Config
Typically found in:
/etc/nginx/nginx.conf
/etc/nginx/sites-available/defaultStep 2: Edit the File
Open it:
sudo nano /etc/nginx/sites-available/defaultStep 3: Set TLS Protocols
Inside your server block:
ssl_protocols TLSv1.2 TLSv1.3;⚠️ Make sure older versions (
TLSv1,TLSv1.1) are not listed.
Step 4: Restart Nginx
sudo systemctl restart nginxStep 5: Verify
Use:
openssl s_client -connect yourdomain.com:443 -tls1_3🟦 Node.js (with HTTPS/Express)
Step 1: Check Node.js Version
TLS 1.3 is supported in Node.js v10.17.0 and above:
node -vStep 2: Use TLS Settings in Code
When using HTTPS server (It is example code):
const fs = require('fs');
const https = require('https');
const options = {
key: fs.readFileSync('key.pem'),
cert: fs.readFileSync('cert.pem'),
secureProtocol: 'TLS_method', // Supports TLSv1.2 and TLSv1.3
ciphers: 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256',
honorCipherOrder: true
};
https.createServer(options, (req, res) => {
res.writeHead(200);
res.end('Secure Connection Established');
}).listen(443);Use
secureProtocolandciphersto enforce strong TLS configurations.
Step 3: Restart Your App
pm2 restart app # if using pm2
node app.js # otherwiseStep 4: Verify
openssl s_client -connect yourdomain.com:443 -tls1_3✅ Final Tips
- Always test after making changes.
- Use SSL Labs to check your TLS version and grade.
- Consider obtaining an SSL certificate from a trusted CA like Let’s Encrypt or Sectigo.
🚀 Wrapping Up
Updating your TLS version is a simple yet critical step to protect your website and user data. Whether you’re using Apache, Nginx, or Node.js, following these steps will ensure your website is secure, fast, and compliant with modern security standards.
👉 Stay secure. Stay trusted.