Disable TLS 1.0 and 1.1

CoraRain · August 22, 2022, 8:28pm

Hello!

I recently deployed a static website on Render with a custom domain name, and so far it’s been really nice. One issue I found though was in testing the TLS settings with SSL Labs, it shows that TLS 1.0 and 1.1 are enabled when being served using the custom domain. These protocols should really be disabled, they have security issues that cannot be fixed, and web browsers removed support for them in 2020. As far as compatibility is concerned, TLS 1.2 is currently supported by 98.8% of total web usage, including IE 11. Interestingly, the same static site being served using the *.onrender.com subdomain correctly has TLS 1.0 and 1.1 disabled.

Render should really disable TLS 1.0 and 1.1 entirely, and probably disable some of the weaker TLS 1.2 cipher suites as well.

Thank you!

al_ps · August 23, 2022, 8:24am

Hi there,

Thanks for reaching out.

Render only uses TLS 1.2+. Please could you share a specific example of where you’re seeing different?

I’ll confirm with the team about the ciphers.

Thanks.

Alan

CoraRain · August 23, 2022, 4:11pm

Hello Alan, I will message you directly if that’s okay

al_ps · August 23, 2022, 4:13pm

If you would prefer not to share details on the public forum, please open a ticket via email, support@render.com, thanks.

Alan

system · September 22, 2022, 4:12pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Configuration of TLS security suites	4	755	April 25, 2022
How disable SSL?	2	43	September 25, 2024
Do I need to setup https on my nodejs application when deploying on render?	5	919	March 19, 2024
HTTP/2 and HTTP/3	2	878	July 28, 2022
SSL not working on custom domain	5	943	February 9, 2021

Disable TLS 1.0 and 1.1

Related topics