Defining TLS Version per site


I have some legacy web services that only support TLS v1.0 under the same account/zone as other modern web apps that plays nice with TLS v1.2. In hoping as a temporary workaround, I’ve had to lower the global TLS minum versioning to 1.0. Is it possible to declare a minimum TLS versioning for a single host? I checked out the API documentation around this HERE and appears to be limited.

Any help would be greatly appreciated.

Sorry, it looks to be an all or nothing option.

:wave: @A-dministrator,

As an enterprise customer you can utilize subdomain signup to manage this separately or on really any plan you can use workers to reject/redirect based on TLS level I believe.

— OG


@OliverGrant ,

Thanks for responding - I did just hear from CF support that it appears to be the only answer. it’s unfortunate that I would then need to create a separate site. Interesting hacky solution in leveraging workers :grinning: good to know as another option.

This creates a limitation and overhead of manageability with a new set of rules/configuration in the parent site won’t transfer over. Might be a feature request to have a true enterprise structure to separate out roles based off of sites, global policies that get inherited etc.


Thanks for verifying that.

This topic was automatically closed after 30 days. New replies are no longer allowed.