Deprecating TLS 1.0 and 1.1 on api.cloudflare.com
On June 4, Cloudflare will be dropping support for TLS 1.0 and 1.1 on api.cloudflare.com. The dashboard will also be moved from www.cloudflare.com/a to dash.cloudflare.com and will require a browser that supports TLS 1.2 or higher. No changes will be made to customer traffic that is proxied through their network, though customers may decide to enforce a minimum version for their own traffic. Prior to June 4, API calls made with TLS 1.0 or 1.1 will have warning messages inserted into responses and dashboard users will see a banner encouraging them to upgrade their browser. The Transport Layer Security (TLS) is the protocol used on the web today to encrypt HTTPS connections. Standards bodies such as the Payment Cards Industry Security Standards Council (PCI SSC) and the National Institute of Standards and Technology (NIST) recommend disabling TLS 1.0 and 1.1. Almost all traffic seen by Cloudflare already uses TLS 1.2 or greater, so most users will not need to make any changes.
Company
Cloudflare
Date published
March 12, 2018
Author(s)
Patrick R. Donahue
Word count
1329
Hacker News points
None found.
Language
English