[Also posted in corresponding discussions for Firefox (<a href="https://news.ycombinator.com/item?id=18223672" rel="nofollow">https://news.ycombinator.com/item?id=18223672</a>) and Chrome (<a href="https://news.ycombinator.com/item?id=18221281" rel="nofollow">https://news.ycombinator.com/item?id=18221281</a>) ]<p>If you want Nginx to use TLS v1.2, this is what you need:<p><pre><code> ssl_protocols TLSv1.2;
</code></pre>
…and if you compile a recent Nginx from source and bake in OpenSSL 1.1.1 while you do that, you can have TLS v1.3 with a TLS v1.2 fallback, too:<p><pre><code> ssl_protocols TLSv1.3 TLSv1.2;
</code></pre>
See also:<p><a href="https://caniuse.com/#feat=tls1-2" rel="nofollow">https://caniuse.com/#feat=tls1-2</a><p><a href="https://caniuse.com/#feat=tls1-3" rel="nofollow">https://caniuse.com/#feat=tls1-3</a>
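
An added example, not part of the original comment: a small Python check that reads an nginx configuration and reports every `ssl_protocols` directive that enables anything other than the TLSv1.2 and TLSv1.3 values shown above. The function name, the `ALLOWED` set and the sample configuration are assumptions constructed for illustration.

```python
import re

# Protocol versions the comment above enables; anything else is reported.
ALLOWED = {"TLSv1.2", "TLSv1.3"}
# \b keeps this from matching other directives such as proxy_ssl_protocols.
DIRECTIVE = re.compile(r"\bssl_protocols\s+([^;]+);")

def audit_ssl_protocols(conf_text):
    """Return one finding per ssl_protocols directive in an nginx config.

    Each finding is (line_number, protocols, unexpected), where unexpected
    lists the values outside ALLOWED (e.g. SSLv3, TLSv1, TLSv1.1).
    """
    # Drop comments but keep newlines so line numbers stay correct.
    # Simplification: a '#' inside a quoted string is treated as a comment.
    stripped = re.sub(r"#[^\n]*", "", conf_text)
    findings = []
    for m in DIRECTIVE.finditer(stripped):
        line_no = stripped.count("\n", 0, m.start()) + 1
        protocols = m.group(1).split()  # a directive may span several lines
        unexpected = [p for p in protocols if p not in ALLOWED]
        findings.append((line_no, protocols, unexpected))
    return findings

# Constructed sample config (not from a real deployment).
SAMPLE_CONF = """\
http {
    # ssl_protocols SSLv3 TLSv1;   (old setting, commented out)
    server {
        listen 443 ssl;
        server_name a.example;
        ssl_protocols TLSv1.3 TLSv1.2;
    }
    server {
        listen 443 ssl;
        server_name b.example;
        ssl_protocols TLSv1 TLSv1.1
                      TLSv1.2;
    }
}
"""

if __name__ == "__main__":
    for line_no, protocols, unexpected in audit_ssl_protocols(SAMPLE_CONF):
        status = "REVIEW " + ",".join(unexpected) if unexpected else "ok"
        print(f"line {line_no}: {' '.join(protocols)} -> {status}")
```

The check only covers directives present in the text it is given; files pulled in through `include` have to be passed to it separately.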