grpc_ssl_protocols
The `grpc_ssl_protocols` directive sets the allowed SSL/TLS protocols for gRPC communication.
Description
The `grpc_ssl_protocols` directive configures which SSL and TLS protocols are available for gRPC connections handled by NGINX. Users can specify a list of protocols that the server will accept for secure communication, which helps enhance security by eliminating outdated and vulnerable protocol versions. The directive can be defined in the http, server, or location context, providing flexibility depending on the needs of the application.
Valid parameters for this directive typically include common SSL/TLS versions such as TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3, letting administrators control the security standards used by their applications. Defining the directive in the http context applies the setting server-wide, while defining it in the server or location context allows more granular control, possibly enabling different protocol settings for different gRPC services. Choose the enabled protocols so that they meet both security requirements and the compatibility needs of client applications.
Config Example
server {
    listen 443 ssl;
    grpc_ssl_protocols TLSv1.2 TLSv1.3;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
}

Using obsolete protocols like SSLv3 can lead to security vulnerabilities such as POODLE attacks.
Improper configuration can cause client compatibility issues if clients do not support the specified protocols.
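
The following configuration is an added example, not part of the original page or the NGINX project's documentation. It shows the http-level default with a location-level override described above, for backends reached through `grpc_pass` with a `grpcs://` address, which is the TLS connection that `grpc_ssl_protocols` applies to; all hostnames, service names and file paths are placeholders.

```nginx
# Added example: hostnames, service names and file paths are placeholders.
events {}

http {
    # Default for every grpcs:// upstream connection made from this http block.
    grpc_ssl_protocols TLSv1.2 TLSv1.3;
    # Weak setting to avoid (SSLv3 is exposed to POODLE):
    # grpc_ssl_protocols SSLv3 TLSv1 TLSv1.1;

    server {
        listen 443 ssl;
        http2 on;  # NGINX 1.25.1+; on older versions use "listen 443 ssl http2;"

        # Client-facing TLS versions are set separately with ssl_protocols.
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_certificate     /path/to/cert.pem;
        ssl_certificate_key /path/to/key.pem;

        # No grpc_ssl_protocols here: inherits "TLSv1.2 TLSv1.3" from http.
        location /orders.OrderService/ {
            grpc_pass grpcs://orders.backend.example:8443;
            grpc_ssl_verify on;
            grpc_ssl_trusted_certificate /path/to/backend-ca.pem;
            grpc_ssl_server_name on;
        }

        # Location-level override: the value set here replaces the inherited
        # list (it is not merged), so this backend is reached with TLSv1.3 only.
        location /payments.PaymentService/ {
            grpc_pass grpcs://payments.backend.example:8443;
            grpc_ssl_protocols TLSv1.3;
            grpc_ssl_verify on;
            grpc_ssl_trusted_certificate /path/to/backend-ca.pem;
            grpc_ssl_server_name on;
        }
    }
}
```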