Is it possible to disable Tls1.3 on free zones?

alexander33 · April 2, 2025, 8:36pm

What is the name of the domain?

What is the issue you’re encountering

Unable to disable TLS 1.3

What steps have you taken to resolve the issue?

In the “SSL/TLS > Edge Certificates” section I have TLS 1.3 disabled for my zone.
TLS 1.3
Enable the latest version of the TLS protocol for improved security and performance - OFF

However by submitting the request https://zone_name/cdn-cgi/trace I get the following

uag=Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0
colo=CDG
sliver=none
http=http/3
loc=FR
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off

So It is unclear for me how to disable Tls1.3 on my free zone.
Probably Tls1.3 is always activated on free zones regardless of my configuration in the Edge Certificates section.

Laudian · April 2, 2025, 11:12pm

HTTP3 only works with TLSv1.3. The switch disables TLS 1.3 for HTTP 1&2.

alexander33 · April 3, 2025, 8:12am

Yes. Tls1.3 disappears if I set http3 to OFF,

Speed > Optimization > HTTP/3 (with QUIC) - OFF

The page looks as expected:
uag=Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0
colo=CDG
sliver=010-tier1
http=http/2
loc=FR
tls=TLSv1.2
sni=plaintext
warp=off
gateway=off

Thank you.

system · April 5, 2025, 8:13am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
TLS 1.3 disabled but still serving China Network	19	2842	May 1, 2022
TLS 1.0 is enabled Security	2	1056	April 13, 2023
Disable TSL1.0 Security	8	9761	February 7, 2020
Can I disable TLS1.1 with app fronted with Spectrum? Spectrum	1	970	July 18, 2023
TLS 1.3 disabled but not works China Network	1	444	February 1, 2024

Is it possible to disable Tls1.3 on free zones?

What is the name of the domain?

What is the issue you’re encountering

What steps have you taken to resolve the issue?

Related topics