Disable TLS 1.0/1.1 for R2 subdomain

We need to disable TLS 1.0 and 1.1 for our subdomains that are served by R2. We configured this at the top level for *.ourdomain.com but that doesn’t seem to be applying to the R2 subdomains.

Is there a way to do this?

2 Likes

Like your custom domains for R2 or the r2.dev domain?

Our own domains.

Have you set the minimum TLS version under SSL?
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates

I see the same problem.
I turned on “Minimum TLS 1.2”, “Always use HTTPS”, and also HSTS. I use default SSL certificate from Cloudflare (I don’t have Advanced Certificate Manager).

  • Website using just CF Proxy have SSL configuration like described above (only TLSv1.2 and TLSv1.3 enabled).
  • Resources in R2 (available on my subdomain) are available also using TLSv1.0 and TLSv1.1, so my SSL settings doesn’t work here.
2 Likes

Same issue here. I also have Minimum TLS Version configured under https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates

Cloudflare’s own compliance checker alerts on this under Security Center > Security Insights

1 Like