How To Enable TLS 1.0 and TLS 1.1 on Ubuntu 20.04

Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today. However, older versions of TLS, such as TLS 1.0 and 1.1, are considered less secure and have been deprecated in favor of newer, more secure versions like TLS 1.2 and 1.3.

Despite this, there may be specific situations where you need to enable TLS 1.0 and 1.1, such as supporting older devices or services. In this article, we’ll guide you through the process of enabling these protocols on Ubuntu 20.04.

Quick Answer

To enable TLS 1.0 and TLS 1.1 on Ubuntu 20.04, you can modify the Nginx configuration file to include these protocols in the ssl_protocols directive. For GnuTLS, you need to create a configuration file and specify the ‘NORMAL’ set of protocols. Remember that enabling older TLS versions can have security implications, so it’s important to carefully consider the risks and have a valid reason for doing so.

Prerequisites

Before we begin, ensure that you have root or sudo access to your Ubuntu 20.04 system. You will also need to have Nginx or Apache installed, depending on your server setup.

Enabling TLS 1.0 and 1.1 in Nginx

If you’re using Nginx, follow these steps:

  1. Edit the Nginx configuration file. The file is typically located at /etc/nginx/nginx.conf or /etc/nginx/sites-available/default. You can use a text editor like nano or vim to open the file. For example:
    sudo nano /etc/nginx/nginx.conf
  2. Locate the ssl_protocols directive. This directive specifies the SSL protocols for secure communication. Add TLSv1 and TLSv1.1 to the list of protocols. For instance:
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    This directive tells Nginx to accept connections that use TLS 1.0, 1.1, 1.2, or 1.3.
  3. Save and close the file. If you’re using nano, you can do this by pressing Ctrl+X, then Y to confirm the save, and finally Enter to exit.
  4. Restart Nginx. The changes will only take effect after Nginx is restarted. You can do this by running:
    sudo systemctl restart nginx

Enabling TLS 1.0 and 1.1 in GnuTLS

If you’re using GnuTLS, follow these steps:

  1. Create a GnuTLS configuration file. If it doesn’t already exist, create a file at /etc/gnutls/config:
    sudo nano /etc/gnutls/config
  2. Add the following content to the file:
    [overrides]
    default-priority-string = NORMAL
    This tells GnuTLS to use the ‘NORMAL’ set of protocols, ciphers, MACs, and key exchange algorithms, which includes TLS 1.0 and 1.1.
  3. Save and close the file. Just like before, press Ctrl+X, then Y, and finally Enter to exit.
  4. Restart any services that use GnuTLS. This will depend on your specific setup, but could include services like the Evolution email client.

Conclusion

While enabling TLS 1.0 and 1.1 can be necessary in certain situations, it’s important to remember that these older versions are less secure and have been deprecated. Whenever possible, it’s recommended to use TLS 1.2 or higher.

Please note that modifying system-wide SSL/TLS settings can have security implications, so it’s crucial to carefully consider the risks and ensure that you have a valid reason for enabling older TLS versions.

For more information on TLS and its versions, you can visit the official TLS page on the IETF website. For more details on configuring Nginx or GnuTLS, check out the Nginx documentation or the GnuTLS documentation.

Why are TLS 1.0 and 1.1 considered less secure and deprecated?

TLS 1.0 and 1.1 have known vulnerabilities and weaknesses that make them less secure compared to newer versions like TLS 1.2 and 1.3. These vulnerabilities include the susceptibility to attacks like POODLE and BEAST. To maintain a higher level of security, it is recommended to use the newer TLS versions.

Can I enable TLS 1.0 and 1.1 on Ubuntu 20.04 without root or sudo access?

No, enabling TLS 1.0 and 1.1 requires root or sudo access as it involves modifying system-wide SSL/TLS settings. Without the necessary permissions, you won’t be able to make the required changes to enable these protocols.

Are there any risks associated with enabling TLS 1.0 and 1.1?

Enabling TLS 1.0 and 1.1 can pose security risks as these versions are known to have vulnerabilities. By enabling them, you are potentially exposing your system to attacks that can exploit these weaknesses. It is important to carefully consider the risks and ensure that you have a valid reason for enabling older TLS versions.

Can I enable TLS 1.0 and 1.1 on other web servers apart from Nginx?

Yes, you can enable TLS 1.0 and 1.1 on other web servers like Apache by modifying the server configuration files. The steps may vary slightly depending on the server software you are using, but the general concept remains the same.

How can I check which TLS version is being used on my Ubuntu 20.04 system?

You can use the openssl command-line tool to check the TLS version being used. Open a terminal and run the following command:

openssl s_client -connect localhost:443 -tls1_2

Replace localhost:443 with the appropriate hostname and port for your system. The -tls1_2 option restricts the handshake to TLS 1.2; if the connection is successful, the output displays the TLS version being used.
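
The command above only exercises TLS 1.2, so it cannot confirm that TLS 1.0 and 1.1 were actually enabled. The script below is an added example, not part of the original article: it forces one handshake per protocol version and reports whether the server accepted each. The function names, the sample output fragments, and the probe.sh file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# Classify `openssl s_client` output read from stdin:
#   accepted      a cipher was negotiated
#   rejected      the summary line reads "New, (NONE), Cipher is (NONE)"
#   inconclusive  no summary line at all (for example, the TCP connect failed)
handshake_result() {
    awk '
        /^New, .*Cipher is / {
            seen = 1
            if ($0 !~ /Cipher is \(NONE\)/) ok = 1
        }
        END {
            if (ok) print "accepted"
            else if (seen) print "rejected"
            else print "inconclusive"
        }'
}

# Force one handshake per protocol version against HOST:PORT and report each.
probe_tls_versions() {
    target=$1
    for flag in tls1 tls1_1 tls1_2 tls1_3; do
        # SECLEVEL=1 keeps the client's own policy from refusing the legacy
        # versions, so the answer reflects the server's configuration.
        result=$(timeout 10 openssl s_client -connect "$target" "-$flag" \
            -cipher 'DEFAULT:@SECLEVEL=1' </dev/null 2>&1 | handshake_result)
        printf '%-7s %s\n' "$flag" "$result"
    done
}

# Constructed s_client output fragments (not captured from a real server).
SAMPLE_ACCEPTED='CONNECTED(00000003)
---
New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit'
SAMPLE_REJECTED='CONNECTED(00000003)
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported'

if [ "$#" -gt 0 ]; then
    probe_tls_versions "$1"      # e.g. ./probe.sh localhost:443
else
    printf '%s\n' "$SAMPLE_ACCEPTED" | handshake_result   # demo on samples
    printf '%s\n' "$SAMPLE_REJECTED" | handshake_result
fi
```

If tls1 and tls1_1 still read rejected after the restart, either the edited ssl_protocols line is not the one in effect for that listener or the TLS library's own policy is refusing those versions.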
