uwsgi_ssl_protocols
The `uwsgi_ssl_protocols` directive specifies the SSL protocols for communication between NGINX and upstream uWSGI servers.
Description
The uwsgi_ssl_protocols directive is used to configure the SSL protocols that are permitted when NGINX communicates with upstream uWSGI servers over SSL. This is particularly important for ensuring that secure connections use only the version of SSL/TLS that meets security standards.
This directive takes one or more arguments, which correspond to the SSL protocols, such as TLSv1, TLSv1.1, or TLSv1.2. By specifying the desired SSL protocols, administrators can enforce that connections only utilize secure versions and avoid deprecated or insecure protocols. If no protocols are specified, the default behavior can vary based on the NGINX version and compilation options, which is why explicit configuration is often recommended for security purposes.
To effectively apply the uwsgi_ssl_protocols, it needs to be placed in one of the following contexts: http, server, or location. This gives administrators the flexibility to set different SSL protocols depending on their architectural needs and specific server configurations.
Config Example
http {
uwsgi_ssl_protocols TLSv1.2 TLSv1.3;
}Ensure that the specified protocols are supported by the underlying OpenSSL version being used with NGINX.
Be cautious when disabling older protocols, as some clients may not support newer versions, potentially leading to connection failures.