TLS Traffic not secure / TLS v1.1 deprecated?

Dashboard says:
Unsecure Traffic: 23%
TLS v1.0: 0.3%
TLS v1.1: 39%
TLS v1.3: 38%

  1. Help field says a percentage of unencrypted traffic is “normal”, which percentage is normal?
  2. SSL/TLS encryption is full, Always use HTTPS, Automatic HTTPS Rewrites, Opportunistic Encryption are all on. I have changed TLS Minimum version to v1.2 today. Is there a way to reduce insecure traffic to 0?
  3. TLS v1.0 and v1.1 were announced to be deprecated. Having set the TLS minimum version to v1.2 in the setting of our website. Is there a possibility any user from our community cannot access our site?

insecure also includes non-https to https redirects

About TLS Analytics

This shows the division between unencrypted and encrypted ‘HTTPS’ requests using TLS. Redirects from HTTP to HTTPS are counted as unencrypted requests. When a page rule or origin server redirect to HTTPS is used, a percentage of unencrypted traffic is normal

Note: In order to increase the amount of traffic served over HTTPS, you should redirect all visitors to HTTPS.

The stats are for requests not responses. So you can have an invalid request for TLSv1.0 - which will count but not be served/responded. TLSv1.0 requests can come from crawlers or bots. If you have TLSv1.2 min set like I do, I just use CF Firewall to block TLSv1.0 and TLSv1.1 requests from bad bots only and exclude known good bots.

This topic was automatically closed after 30 days. New replies are no longer allowed.