Hi all, this is related to not being able to connect to stripe webhooks. It may be because of my TLS version. Stripe webhooks don’t support TLS 1.3. If my version is 1.3, how do I downgrade to TLS 1.2?
Thanks in advance!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hey!
To check the TLS version that your server is using, you can use the openssl command from a terminal.
openssl s_client -connect yourdomain.com:443 -tls1_2
If it connects successfully, it indicates that TLS 1.2 is supported. You can change -tls1_2 to -tls1_3 to test for TLS 1.3.
For the configuration itself, if you find out that your server is using TLS 1.3 and you need to downgrade to TLS 1.2, you’ll need to modify the server’s configuration.
This will depend on if you are using Nginx or Apache:
For Nginx:
- Edit the Nginx configuration file, usually found at
/etc/nginx/nginx.confor under/etc/nginx/sites-available/. This will depend on the OS that you are using. - Then in that config file modify the SSL protocol settings:
ssl_protocols TLSv1.2; # This disables TLSv1.3 and uses only TLSv1.2 - Then run a config test with
sudo nginx -tand if you getSyntax OK, restart Nginx to apply the changes:sudo systemctl restart nginx
For Apache:
- Edit the Apache SSL configuration file, typically located at
/etc/apache2/mods-enabled/ssl.conf. - Update the SSLProtocol directive:
This configuration enables TLS 1.2 while disabling TLS 1.3 and older versions.SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.3 - Run a config test with
apachectl -tand if you getSyntax OK, restart Apache**:sudo systemctl restart apache2
After you’ve made these changes, you can re-run the openssl command or use an online service like SSL Labs’ SSL Test to verify the server’s SSL/TLS configuration.
Let me know how it goes!
- Bobby
Heya, @swimminglapiswalrus
You can use online tools like SSL Labs’ SSL Test or use curl from the command line:
curl -I -v --tlsv1.2 https://your_domain
This should confirm that your server is using TLS 1.2 for secure connections.
To downgrade your TLS version to 1.2 on a DigitalOcean droplet, you’ll need to adjust the configuration of your web server (e.g., Nginx or Apache) to ensure it uses TLS 1.2 instead of TLS.
The process will be slightly different if you use Apache or Nginx. If you can share more information I can give you some details on how to set this.
Hope that this helps!
There are a few ways to go about this.
Using NMAP:
nmap --script ssl-enum-ciphers -p 443 <hostname or IP>
You might need to install nmap:
apt install nmap
Using OpenSSL
openssl s_client -connect <hostname or IP>:443 -tls1
For example, if we need to check TLS 1.2 for google.com, the following command can be used:
openssl s_client -connect www.google.com:443 -tls1_2
Another way to check the TLS version is by using the following command:
openssl ciphers -v
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.