nginx and TLS v1.2 · uwot.eu

nginx and TLS v1.2

by fabio
Tags: CentOS, CentOS 6.4, GnuTLS, HTTPS, linux, nginx, openssl, TLSv1.2

SSL and the early TLS versions, TLS 1.0 in particular, suffer from serious known weaknesses (see https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS), so I thought it would be a good idea to use the latest and most secure version of the protocol, TLS 1.2.
On CentOS 6.4 the bundled OpenSSL is 1.0.0, which is too old: support for TLS 1.1 and 1.2 only arrived in OpenSSL 1.0.1.
So, first of all, we have to install the current release, 1.0.1e, either by compiling from source or by adding a third-party repository; I chose the latter. Be aware of what that trades off: the --nosignature flag below skips GPG verification of the release package, so the TLS library of the whole server is being taken from a repository you have not authenticated. If the repository publishes a signing key, import it with rpm --import and drop the flag; and from CentOS 6.5 onward OpenSSL 1.0.1e is in the base repository, so a plain yum update is enough there.

rpm -ivh --nosignature http://rpm.axivo.com/redhat/axivo-release-6-1.noarch.rpm

yum --enablerepo=axivo update openssl

To create the certificate I personally prefer to use GnuTLS instead of openssl, so:

yum install gnutls-utils

certtool --generate-privkey --bits 4096 --outfile hostname.key

certtool --generate-self-signed --load-privkey hostname.key --outfile hostname.crt

The second command asks for the certificate details interactively (common name, validity, whether it is a TLS web server certificate); give the host name as common name, or pass --template with a file containing those fields to run it unattended. Keep the .key file readable by root only.

Edit nginx.conf or the desired virtual host file so that ssl_certificate and ssl_certificate_key point at the two files just created (.crt and .key). Note that upgrading OpenSSL only makes TLS 1.2 available: nginx keeps offering the older protocol versions too unless ssl_protocols lists just the ones you want. Then restart nginx.
The following command connects to the server and shows the certificate it presents, the negotiated protocol version (the Protocol line in the SSL-Session block) and the cipher suite.

openssl s_client -host hostname -port 443
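The whole procedure, from key generation to checking which protocol versions the server actually accepts, as an added example that is not part of the original post. It assumes nginx.conf includes /etc/nginx/conf.d/*.conf (as the nginx.org packages do), keeps certificates under /etc/nginx/ssl, and has certtool and an OpenSSL 1.0.1 or newer on the PATH. The certtool template, the virtual host file, the s_client output parser and the two sample s_client outputs used to check that parser are all constructed here. It goes one step beyond the post by restricting ssl_protocols, since installing OpenSSL 1.0.1 makes TLS 1.2 available but does not stop nginx from offering SSLv3 and TLS 1.0 as well.

```shell
#!/bin/sh
# Added example (not from the original post): TLS 1.2 on nginx with a
# GnuTLS-generated self-signed certificate, end to end.
# Assumptions: nginx includes /etc/nginx/conf.d/*.conf, certificates live
# under /etc/nginx/ssl, certtool and openssl >= 1.0.1 are on the PATH.
# Without arguments the script only defines helpers; pass a host name to apply.
set -eu

# certtool template so --generate-self-signed does not prompt interactively.
certtool_template() {
    host=$1
    cat <<EOF
organization = "$host"
cn = "$host"
dns_name = "$host"
expiration_days = 365
tls_www_server
signing_key
encryption_key
EOF
}

# nginx virtual host: the two files from certtool, and ssl_protocols restricted
# so the server offers nothing older than the version we upgraded to get.
nginx_vhost() {
    host=$1; certdir=$2
    cat <<EOF
server {
    listen 443 ssl;
    server_name $host;

    ssl_certificate     $certdir/$host.crt;
    ssl_certificate_key $certdir/$host.key;

    # Upgrading OpenSSL only makes TLS 1.2 available; without this line nginx
    # keeps offering SSLv3 and TLS 1.0 too. Add TLSv1.1 if you must support
    # clients that cannot speak TLS 1.2.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
}
EOF
}

# Reduce "openssl s_client" output (on stdin) to "<protocol> <cipher>", or
# "refused" when the handshake failed (s_client then reports Cipher 0000).
session_summary() {
    awk '/^ *Protocol *:/ { proto = $3 }
         /^ *Cipher *:/   { cipher = $3 }
         END {
             if (cipher == "" || cipher == "0000" || cipher == "(NONE)")
                 print "refused"
             else
                 print proto " " cipher
         }'
}

# Offer exactly one protocol version (ssl3, tls1, tls1_1 or tls1_2) to host:443.
tls_probe() {
    host=$1; version=$2
    openssl s_client -connect "$host:443" "-$version" </dev/null 2>/dev/null | session_summary
}

# Constructed samples of s_client output, used to exercise session_summary offline.
SAMPLE_TLS12='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_REFUSED='SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000'

main() {
    host=$1; certdir=${2:-/etc/nginx/ssl}
    mkdir -p "$certdir"
    certtool_template "$host" > "$certdir/$host.tmpl"
    certtool --generate-privkey --bits 4096 --outfile "$certdir/$host.key"
    chmod 600 "$certdir/$host.key"          # the private key must not be world-readable
    certtool --generate-self-signed --load-privkey "$certdir/$host.key" \
        --template "$certdir/$host.tmpl" --outfile "$certdir/$host.crt"
    nginx_vhost "$host" "$certdir" > "/etc/nginx/conf.d/$host-ssl.conf"
    nginx -t && service nginx restart
    # Expect "refused" for the first three lines and "TLSv1.2 <cipher>" for the last.
    for v in ssl3 tls1 tls1_1 tls1_2; do
        printf '%-7s %s\n' "$v" "$(tls_probe "$host" "$v")"
    done
}

if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it as root with the host name as argument (sh tls12.sh www.example.com); the final loop is the same check as the s_client command above, repeated once per protocol version, and makes it obvious whether the old versions are really gone. Restricting the server to TLS 1.2 alone locks out clients of that era that could not negotiate it (older Internet Explorer, older Android, Java 7 with its default client settings); if you need them, list TLSv1.1 or TLSv1 in ssl_protocols as well and accept the weaker versions knowingly.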