Minimum TLS version doesn't work on some records

I have some CNAME records on my domain, says, and I set minimum TLS version to 1.2.

I’ve used these commands to test it:

curl -svo /dev/null --tls-max 1.1
curl -svo /dev/null --tls-max 1.1

The first command fails with error, which is good. But the second one succeeds, which is not desired.

I have checked Page Rules, there is no rule related to Does anyone know why?

(all domain and subdomains are just examples)

Likely because the second one is a CNAME to a target managed by a Cloudflare SaaS partner and their SSL settings will apply.


When I checked the target domain, it does not support 1.1 either, and indeed its certificate is from Cloudflare.

Is that an error, or they just configure the TLS version for my domain differently?

My account doesn’t have access to Cloudflare for SaaS, so I don’t know what settings are there.

Likely this. Unless they change the default when provisioning a cert that is the behavior.

1 Like

Then I will contact my SaaS provider to see what settings they are using.

Thanks a lot.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.