You Currently Have TLSv1 Enabled


I use flexible Cloudflare SSL. But when I check my domain on whynopadlock (dot) com, I got this warning.

You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won’t break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.

Can you explain what this is and what the impact is?

Cloudflare’s Default lowest TLS is 1.0, but it will respond to higher versions.

You can set the minimum TLS in your SSL/TLS settings page. I have mine set to 1.2 and have 1.3 Enabled+0RTT


Since TLS 1.0 weakens your encryption, I guess you’ll get some trouble during your PCI-DSS audit. At least with a finding.

However: from my point of view the audit should fail immediately when you are using the flexible option - without compromises. Traffic between Cloudflare and your server(s) is unencrypted! You are handling sensitive data. This should be worth 5$/month at least for a dedicated certificate and full encryption.

