Identifying requests that are using old versions of TLS

We’re anticipating the eventual deprecation of TLSv1.0 and TLSv1.1. In preparation, we’d like to identify requests that are still using old versions of TLS. While this seems to be achievable using JavaScript by querying /cdn-cgi/test, we’re mostly concerned about automated traffic (e.g., RSS readers), as we suspect those account for the majority of TLSv1.0 and TLSv1.1 requests. Is there a way we can identify such requests?

1 Like

Thanks. I need to identify individual requests, though, not aggregate data.

That’s full-on logging. Only Enterprise plans have this, but you can add to your zone.

1 Like

(Replied in the wrong thread before)
You can see the TLS version of a request by using Cloudflare Workers

The TLS version will be in event.request.tlsVersion


Even a header would be sufficient, such as something in CF-Visitor. It’s a shame that there’s nothing already like that. I was hoping there might be something I could toggle hidden somewhere.

Unfortunately, I don’t think Workers would cut it here; we get too many requests. Enterprise would be significantly cheaper at that point.

This topic was automatically closed after 30 days. New replies are no longer allowed.