TLS 1.3 disabled but still serving

We have had TLS 1.3 disabled on our domain, but we have noticed that MOST traffic is still served over TLS 1.3.
We have also confirmed that we can load our sites over TLS 1.3.

How do we disable TLS 1.3 completely since it does not seem to be working?

We need to have TLS 1.3 disabled since a lot of TLS 1.3 traffic is still blocked in China.


How did you disable it?

I did a test for my website and SSL test shows that my TLS 1.3 is no longer enabled:

By the way what is your website?


Could you let me know how you performed this test?

I disabled it by clicking the toggle under SSL/TLS > Edge Certificates > TLS 1.3

Here are the stats I am seeing on Cloudflare under SSL/TLS > Overview

TLS 1.3 is disabled on most of my accounts for the same reason as you. I retested a bunch of my sites to double check that TLS 1.3 is definitely disabled and didn’t see any issues.

I did have an issue once where it wouldn’t disable despite trying to toggle it on and off multiple times through the dashboard. How I fixed it was to pause the site on Cloudflare and then resume it about 5 minutes later. That will interrupt the site, so try that with caution.

Thanks for the reply. Good to know I am not alone. Any suggestions on how to confirm it's turned off? A testing tool of some sort?

I haven’t bothered to re-check the TLS 1.3 situation in China since last year, but I did notice that recently Cloudflare has switched it on for a number of China-specific sites they (Cloudflare) manage under the Enterprise plans. Notably would be https://canva.cn/, which is a China-specific site domain, on the Enterprise Cloudflare plan with the China Network on. If you test https://canva.cn/ nowadays you’ll see that Cloudflare has switched on TLS 1.3 whereas it was previously disabled.

My point being that maybe the TLS 1.3 is okay to enable nowadays but I haven’t confirmed that. It’s totally possible that whoever is managing these zones at Cloudflare has made a mistake.

Just to clarify, that page shows data from the last 24 hours. If you disabled TLS 1.3 less than 24 hours ago, it might still show up on that page.

You can run a test like this to check if it worked


These settings have been disabled for months, I am checking all my sites now, some are showing TLS 1.3 Enabled and some are disabled as it should be.

This seems like a bug to me, not sure how I can get it to disable on the sites that are not disabling…

Ok, thanks for mentioning that here. I just Googled some random GUI tool online upon @Atur asking about a tool.

I recommend just testing TLS versions with cURL to be sure, but it's command line so not as easy and not possible on mobile.
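The cURL check recommended above, as an added example that is not part of the original posts: it pins curl to one TLS version per request and uses a TLS 1.2 probe as a control, so a refused TLS 1.3 handshake is not confused with an unreachable host. The function names and the script name are hypothetical, and hostnames are supplied as arguments.

```bash
#!/bin/sh
# Added example: check which TLS versions a host's edge will negotiate.
# Function names are illustrative; hostnames are passed as arguments.

# probe HOST VERSION -> prints accepted | refused | error:<curl exit code>
probe() {
  p_rc=0
  # Pin minimum and maximum to the same version so nothing else can be negotiated.
  curl --silent --output /dev/null --connect-timeout 10 \
       "--tlsv$2" --tls-max "$2" "https://$1/" || p_rc=$?
  case $p_rc in
    0)  echo accepted ;;
    35) echo refused ;;        # curl exit 35: TLS handshake failed
    *)  echo "error:$p_rc" ;;  # DNS failure, timeout, etc.: no evidence either way
  esac
}

# check_host HOST -> returns 0 if TLS 1.3 is refused and TLS 1.2 works,
#                    1 if TLS 1.3 is still accepted, 2 if inconclusive.
check_host() {
  t13=$(probe "$1" 1.3)
  t12=$(probe "$1" 1.2)   # control: shows the host is reachable over TLS at all
  printf '%s\tTLS1.3=%s\tTLS1.2=%s\n' "$1" "$t13" "$t12"
  [ "$t13" = accepted ] && return 1
  [ "$t13" = refused ] && [ "$t12" = accepted ] && return 0
  return 2
}

# Run only when hostnames are given, e.g.: sh tls_check.sh example.com
if [ "$#" -gt 0 ]; then
  for h in "$@"; do check_host "$h" || true; done
fi
```

Running it against every zone in one pass shows which ones still accept TLS 1.3 despite the dashboard toggle being off.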

Thanks! I did check and baidu.com still has TLS 1.3 off so I guess it's best to keep it off for now - just need to figure out how to get it FULLY turned off on my site.

Is there a way to submit a bug report to Cloudflare about this?

Hoping an MVP or Community Team member can escalate the ticket I created for this. We created this ticket before the community post and have since confirmed this is a BUG and an issue for other users as well, and that even when disabling these settings via the API it still does not get disabled for some of our sites.

Ticket # 2423172 - https://support.cloudflare.com/hc/en-us/requests/2423172


Sure.


Did you ever get an answer to this? The only way I’ve seen to fix it is by pausing Cloudflare and then resuming Cloudflare on the affected domain.

I was able to fix one domain by moving it to a new Cloudflare account - the second is waiting on Cloudflare support to find a fix…

It’s been a week! Did they respond to your ticket?

Yes they said:

Hi there,

Sorry for the inconvenience!

Just wanted to leave you a quick note to ensure you that our Engineer teams are working actively on your issue.

Although we do not have an ETA, we shall keep you posted on any new findings.

Thank you for your patience during the investigation period.

Kind regards

Hello

Thank you for your patience on this matter.

As per your ticket ref - 2423172 - this has now been updated yesterday confirming a fix has been applied to your zone & confirmed as resolved.

Will the underlying issue that keeps causing this issue be fixed?

It's obviously painful to have to pause & resume a domain on Cloudflare to get the issue fixed urgently, and the alternative to raise a ticket and wait 2-4 weeks for you guys to action it isn’t any good either.