Disable TLS 1.0 and 1.1


I recently deployed a static website on Render with a custom domain name, and so far it’s been really nice. One issue I found though was in testing the TLS settings with SSL Labs, it shows that TLS 1.0 and 1.1 are enabled when being served using the custom domain. These protocols should really be disabled, they have security issues that cannot be fixed, and web browsers removed support for them in 2020. As far as compatibility is concerned, TLS 1.2 is currently supported by 98.8% of total web usage, including IE 11. Interestingly, the same static site being served using the *.onrender.com subdomain correctly has TLS 1.0 and 1.1 disabled.

Render should really disable TLS 1.0 and 1.1 entirely, and probably disable some of the weaker TLS 1.2 cipher suites as well.

Thank you! :purple_heart:

Hi there,

Thanks for reaching out.

Render only uses TLS 1.2+. Please could you share a specific example of where you’re seeing different?

I’ll confirm with the team about the ciphers.



Hello Alan, I will message you directly if that’s okay

If you would prefer not to share details on the public forum, please open a ticket via email, support@render.com, thanks.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.