If I find the SK will update this thread. If can, try to exclude TLSv1.1 as well and see if you get a problem. SSLProtocol -ALL TLSv1.1 +TLSv1.2 +TLSv1.3 SSLCipherSuite HIGH:!ADH:!RC4:!DHE:!LOW:!EXP:!RSA:!eNULL:!aNULL:!SSLv2:!MD5 It is not recommended to set the minimum TLS to 1.3, unless there is a specific use case, as this will likely cause issues with search engine crawlers and certain browsers.Did try to find it, I seem to remember typing in the error I got and then finding an SK which hinted at the requirement for TLSv1.1 so I ensured this was added. However, you also need to ensure that your users upgrade to a TLS 1.2 compliant browser. These sites might already have more stringent security requirements or might be subject to PCI compliance. In this way, you minimize the possibility that some clients cannot connect to your site securely.įor a narrow user base and sites that run internal applications or business and productivity applications, Cloudflare recommends TLS 1.2. Depending on your particular business situation, this may present some limitations in using stronger encryption standards.Ĭonsider using TLS 1.0 or 1.1 for sites with a broad user base, particularly non-transactional sites. Not all browser versions support TLS 1.2 and above. TLS 1.3, which offers additional security and performance improvements, was approved by the Internet Engineering Task Force (IETF) in May 2018.
Cloudflare recommends migrating to TLS 1.2 to comply with the PCI requirement. TLS 1.2 includes fixes for known vulnerabilities found in previous versions.Īs of June 2018, TLS 1.2 is the version required by the Payment Card Industry (PCI) Security Standards Council. Understand TLS versionsĪ higher TLS version implies a stronger cryptographic standard. * error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alertįor guidance on which TLS version to use, review the information outlined below. If the TLS version you are testing is blocked by Cloudflare, the TLS handshake is not completed and returns an error:
0 kommentar(er)
