Forcing TLS 1.3 from Edge to origin


Is there any way possible to force TLS 1.3 between server (origin) and edge?

We don’t have control over how Cloudflare connects to the origin, including trying to force an HTTP/2 connection. Why are you trying to limit it to TLS 1.3?

I just want to make it fast enough to remove cache everything. I can’t afford ARGO and Cloudflare is accessing server over HTTP 1.1 and TLS 1.2 to promote its product ARGO.

If your origin server supports HTTPS with TLSv1.3, then Cloudflare edge servers will connect to your origin via HTTP/1.1 TLSv1.3 where possible. I’ve been doing that with Cloudflare and my Nginx origin servers since last Feb 2019 :)

If you want to force it, you can probably disable TLS protocol support on your origin server for TLS 1.0, 1.1, 1.2 and just support TLSv1.3. Technically that should work - haven’t tried it.


I hadn’t experimented with this, but I just set one of my servers to TLS 1.3 only and it’s still working, so there’s that.


Good to know.

Though I do recall now that Cloudflare Railgun communicates over TLSv1.2. So if using Railgun, might need TLSv1.2 + TLSv1.3 for origin server TLS protocol support.
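
The origin-side setting discussed in the replies above, as an added example that is not part of any post in this thread: an Nginx origin restricted to TLS 1.3, with an access log that records the protocol each edge connection actually negotiated. The hostname, certificate paths and log path are placeholders.

```nginx
# Added example. Hostname, certificate paths and log path are placeholders.
events {}

http {
    # Log the TLS version, cipher and HTTP version of every request so the
    # protocol negotiated by the connecting Cloudflare edge can be verified.
    log_format tls_audit '$remote_addr [$time_local] "$request" $status '
                         'tls=$ssl_protocol cipher=$ssl_cipher '
                         'http=$server_protocol';

    server {
        listen 443 ssl;
        server_name origin.example.com;                  # placeholder

        ssl_certificate     /etc/nginx/ssl/origin.crt;   # placeholder path
        ssl_certificate_key /etc/nginx/ssl/origin.key;   # placeholder path

        # TLS 1.3 only: a client that offers TLS 1.2 at most fails the
        # handshake instead of being served over the older protocol.
        ssl_protocols TLSv1.3;

        # With Railgun in use, keep TLS 1.2 enabled as well, as noted in
        # the reply above:
        # ssl_protocols TLSv1.2 TLSv1.3;

        access_log /var/log/nginx/tls_audit.log tls_audit;
    }
}
```

The `TLSv1.3` parameter needs nginx 1.13.0 or later built against OpenSSL 1.1.1 or later. After a reload, every line in the audit log should show `tls=TLSv1.3`.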


Thanks, guys, for the ideas. Is there any such idea to force HTTP/2?
