We have an issue with a specific site in our domain. We need this site to only allow tls 1.2 and the ciphers suites. We have minimum version set to tls 1.2 and we allow tls 1.3 as that is better for security and other area’s. However we have one site that does not allow tls 1.3 and we get issues with things hitting that site as the don’t have a supported RSA cipher suite. Have looked into a worker to do this, but if 1.3 is tried we get failure. Any suggestions?
async function handleRequest(request) {
try {
const tlsVersion = request.cf.tlsVersion
// Allow only TLS versions 1.2 and 1.3
if (tlsVersion != “TLSv1.2”) {
return new Response(“Please use TLS version 1.2.”, {
status: 403,
})
}
return fetch(request)
}
catch (err) {
console.error(
“request.cf does not exist in the previewer, only in production”,
)
return new Response(“Error in workers script” + err.message, {
status: 500,
})
}
}
addEventListener(“fetch”, event => {
event.respondWith(handleRequest(event.request))
})