SSL Protocol / TLS version running on NGINX / ERPNext Site

Axis bank asked us to downgrade our TLS version from 1.3 to 1.2 because of their own limitations. This blog tells how we did it so that we can do it in the future for some other customers if required.

 · 1 min read
  1. TLS version is a setting in NGINX or any web server you are using.
  2. The key is
ssl_protocols TLSv1.2;
  1. Optionally we can also disable prefer server cipher to force a particular version, the key is as below
ssl_prefer_server_ciphers off;
  1. They could be multiple conf files in nginx setting, however, if there is any duplication of this in conf.d folder for this key, system, will give an error.
  2. Ensure the main file of nginx.conf is being read, in our case, it was /etc/letsencrypt/options-ssl-nginx.conf has the following parameters:
      ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers off;

Book a free 30min tailored consultation

Free first 30min of enterprise consultation to manage your business better using digital processes.

Published on
Apoorv Soral