diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
index 5bd90fd822aeef866fc948e293f130f523a86a65..f2b3e0f8338fc5d520dd5ce975e32d4131bfec9c 100644
--- a/server/conf/nginx_vhost.conf.master
+++ b/server/conf/nginx_vhost.conf.master
@@ -19,11 +19,9 @@ server {
 </tmpl_if>
 </tmpl_if>
 
-<tmpl_if name='tls1.3_supported' op='==' value='y'>
-<tmpl_var name="ssl_protocols">
+<tmpl_if name='tls13_supported' op='==' value='y'>
 	ssl_protocols TLSv1.3 TLSv1.2;
 <tmpl_else>
-<tmpl_var name="ssl_protocols">
 	ssl_protocols TLSv1.2;
 </tmpl_if>
 		# ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 9eb2e1ef04a38131933bff40c8e27a384f5d1b1f..ada8e71c3cd535a1d62f8759a1ab9bc0d6ac2b1c 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -1631,16 +1631,14 @@ class nginx_plugin {
 		// set logging variable
 		$vhost_data['logging'] = $web_config['logging'];
 
-                // Provide TLS 1.3 support if Nginx version is >= 1.13.0 and when it was linked against OpenSSL(>=1.1.1) at build time.
-		$output = $app->system->exec_safe('nginx -V 2>&1');
-
-		if(preg_match('/built with OpenSSL\s*(\d+)(\.(\d+)(\.(\d+))*)?(\D|$)/i', $output[0], $matches)) {
-                        $nginx_openssl_ver = $matches[1] . (isset($matches[3]) ? '.' . $matches[3] : '') . (isset($matches[5]) ? '.' . $matches[5] : '');
-		}
-
-		if((version_compare($app->system->getnginxversion(true), '1.13.0', '>=') && version_compare($nginx_openssl_ver, '1.1.1', '>='))) {
+		// Provide TLS 1.3 support if Nginx version is >= 1.13.0 and when it was linked against OpenSSL(>=1.1.1) at build time and when it was linked against OpenSSL(>=1.1.1) at runtime.
+		$nginx_openssl_build_ver = $app->system->exec_safe('nginx -V 2>&1 | grep \'built with OpenSSL\' | sed \'s/.*built\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/\'');
+		$nginx_openssl_running_ver = $app->system->exec_safe('nginx -V 2>&1 | grep \'running with OpenSSL\' | sed \'s/.*running\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/\'');
+		if(version_compare($app->system->getnginxversion(true), '1.13.0', '>=')
+			&& version_compare($nginx_openssl_build_ver, '1.1.1', '>=')
+			&& (empty($nginx_openssl_running_ver) || version_compare($nginx_openssl_running_ver, '1.1.1', '>='))) {
 			$app->log('Enable TLS 1.3 for: '.$domain, LOGLEVEL_DEBUG);
-			$vhost_data['tls1.3_supported'] = 'y';
+			$vhost_data['tls13_supported'] = "y";
 		}
 
 		$tpl->setVar($vhost_data);