Minimum TLS Version
Minimum TLS Version only allows HTTPS connections from visitors that support the selected TLS protocol version or newer.
How to disable TLS 1.0
You can disable TLS 1.0 by choosing a higher minimum TLS version.
To manage the TLS version applied to your whole zone when proxied through Cloudflare:
This is currently only available via the API:
- Use the endpoint to specify different values for
- Use the endpoint to clear previously defined
Test supported TLS versions
To test supported TLS versions, attempt a request to your website or application while specifying a TLS version.
For example, use a
curl command to test TLS 1.1 (replace
www.example.com with your Cloudflare domain and hostname):
$ curl https://www.example.com -svo /dev/null --tls-max 1.1
If the TLS version you are testing is blocked by Cloudflare, the TLS handshake is not completed and returns an error:
* error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert