Will changing min version of TLS drop existing connections?

We want to bump the min version of TLS from 1.1 to 1.2. Will that cause current connections to be dropped or does it only apply to new connections?

It will apply to new connections I guess, but on normal HTTPS websites the connections last a few seconds at most (often less). Only WebSockets can last longer, but I guess they get dropped after a while so it won’t last long.

Also, changing from TLS v1.1 to v1.2 won’t change much as the v1.1 is barely used.

We have agents other than web browsers and there are thousands of them that hold persistent or long lived connections so just want to avoid a reconnect of the whole fleet. Sound like that won’t happen though?

They are still most likely connecting every time they have a request for the website. They can’t remain connected for long, after a specific amount the connections are dropped automatically by the Edge POPs. They will reconnect automatically.

1 Like

One more bit - the only concern is if they drop all existing connections immediately. We already expect that reconnects will happen over time, just not the whole fleet within seconds. We can support a massive reconnect event, just want a heads up that it will happen so we can rule out other causes if it happens.

It shouldn’t change your current load as they are already reconnecting constantly, plus I would hope that the fleet doesn’t use TLS v1.1, but v1.2 at least. It should change things for the fleet.

This topic was automatically closed after 30 days. New replies are no longer allowed.