How do I disable TLS 1.0 and 1.1 on Shiny server pro


I have a shiny server running and configured so that users can connect to it via https; to do this I followed the guide at:

Everything seems fine, but now I want to disable TLS 1.0 and 1.1; I've found a number of posts online that suggest adding a line like the following to my /etc/shiny-server/shiny-server.conf

 ssl_protocols TLSv1.2;

But after adding it, the shiny server fails to launch; shiny.log gives the error:

 Error loading config: Unknown directive "ssl_protocols" (/etc/shiny-server/shiny-server.conf:16:3)

Great; apparently, ssl_protocols isn't the correct directive (seems to be more of an nginx directive), so how do I disable the older TLS protocols?

Hi, unfortunately there isn't a way to control SSL settings like this directly with Shiny Server Pro.

I think you're right, the posts you found were talking about running Shiny Server "behind" nginx, which is a fine way to do it. It's definitely the direction I recommend going if you want this degree of control over SSL settings.

There's a good RStudio support article about it that I recommend:

FYI, we're going to add the ability to disable TLS 1.0 and/or 1.1 in the next version of Shiny Server Pro (1.5.8, expected to ship in late August). Thanks for the feedback.

Thats awesome. Thank you.


Update: SSP 1.5.8 is out and there's a new ssl_min_version configuration directive: