Minimum TLS version doesn't work on some records

I have some CNAME records on my domain, say mydomain.com, and I set the minimum TLS version to 1.2.

I’ve used these commands to test it:

curl https://aaaa.mydomain.com -svo /dev/null --tls-max 1.1
curl https://bbbb.mydomain.com -svo /dev/null --tls-max 1.1

The first command fails with an error, which is good. But the second one succeeds, which is not desired.

I have checked Page Rules; there is no rule related to bbbb.mydomain.com. Does anyone know why?

(all domain and subdomains are just examples)

Likely because the second one is a CNAME to a target managed by a Cloudflare SaaS partner and their SSL settings will apply.


When I checked the target domain, it does not support 1.1 either, and indeed its certificate is from Cloudflare.

Is that an error, or do they just configure the TLS version for my domain differently?

My account doesn’t have access to Cloudflare for SaaS, so I don’t know what settings are there.

Likely this. Unless they change the default when provisioning a cert, that is the behavior.


Then I will contact my SaaS provider to see what settings they are using.

Thanks a lot.
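The check discussed in this thread, as an added example that is not part of the original posts: it repeats the `curl --tls-max 1.1` probe per hostname and prints each hostname's CNAME target, so a record pointing outside the zone stands out. The hostnames are the thread's placeholders, the function names are made up for this example, and it assumes `dig` is installed and that the local curl/TLS library can still negotiate TLS 1.1 (otherwise the failure is local, not the server's).

```shell
#!/bin/sh
# Added example (not from the thread): find hostnames that still accept a
# handshake capped at TLS 1.1 and show whose edge they are CNAMEd to.

# cname_target HOST -> prints the first CNAME target without the trailing dot,
# or nothing if the name has no CNAME record.
cname_target() {
    dig +short CNAME "$1" | head -n 1 | sed 's/\.$//'
}

# classify HOST ZONE -> prints "host<TAB>tls result<TAB>cname ownership"
classify() {
    host=$1
    zone=$2
    rc=0
    curl -so /dev/null --max-time 10 --tls-max 1.1 "https://$host" || rc=$?
    case $rc in
        0)  tls="TLS<=1.1 ACCEPTED" ;;              # handshake and request completed
        35) tls="TLS<=1.1 rejected" ;;              # curl: SSL connect error
        *)  tls="inconclusive (curl exit $rc)" ;;   # DNS, timeout, refused, ...
    esac
    target=$(cname_target "$host")
    case $target in
        "")                 owner="no CNAME" ;;
        "$zone"|*."$zone")  owner="CNAME -> $target (same zone)" ;;
        *)                  owner="CNAME -> $target (outside zone; the target operator's TLS settings may apply)" ;;
    esac
    printf '%s\t%s\t%s\n' "$host" "$tls" "$owner"
}

# Usage: sh tls-audit.sh ZONE HOST [HOST...]
# e.g.   sh tls-audit.sh mydomain.com aaaa.mydomain.com bbbb.mydomain.com
if [ "$#" -ge 2 ]; then
    zone_arg=$1
    shift
    for h in "$@"; do
        classify "$h" "$zone_arg"
    done
fi
```

A row that reads ACCEPTED together with "outside zone" matches the situation in this thread: the minimum TLS version is being decided by whoever operates the CNAME target.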
