is there a way in Analytics to track down the connections droppped during the handshake due to the maximum TLS version supported by client being lower than the minimum TLS version configured in the Cloudflare settings?
We spent a lot of time in troubleshooting a TLS 1.0 client not being able to send requests and would be very useful to have visibility on this kind of events.
NEL reporting will expose this kind of data. However, it is likely that a client that only supports TLS 1.0 is far too old to support NEL.
You can add NEL endpoints to any request, Cloudflare is developing his own tools, but there are thir parties that can help.
While true, NEL requires the User-Agent to support NEL, and there is essentially no overlap between UAs that support NEL and UAs that only have TLS v1.0 support.
Oh, absolutely. Wasn’t questioning that part, just the reference to Cloudflare’s NEL products, which are not strictly required (while still very much convenient)
Personally I prefer Report-URI for this kind of reporting.
Their UI is slightly dated, but it works pretty well and it’s the only full solution for this kind of stuff.