Defining TLS Version per site

Hello,

I have some legacy web services that only support TLS v1.0 under the same account/zone as other modern web apps that plays nice with TLS v1.2. In hoping as a temporary workaround, I’ve had to lower the global TLS minum versioning to 1.0. Is it possible to declare a minimum TLS versioning for a single host? I checked out the API documentation around this HERE and appears to be limited.

Any help would be greatly appreciated.

Sorry, it looks to be an all or nothing option.

:wave: @A-dministrator,

As an enterprise customer you can utilize subdomain signup to manage this separately or on really any plan you can use workers to reject/redirect based on TLS level I believe.

— OG

2 Likes

@OliverGrant ,

Thanks for responding - I did just hear from CF support that it appears to be the only answer. it’s unfortunate that I would then need to create a separate site. Interesting hacky solution in leveraging workers :grinning: good to know as another option.

This creates a limitation and overhead of manageability with a new set of rules/configuration in the parent site won’t transfer over. Might be a feature request to have a true enterprise structure to separate out roles based off of sites, global policies that get inherited etc.

@sdayman,

Thanks for verifying that.

This topic was automatically closed after 30 days. New replies are no longer allowed.