Welcome to Centmin Mod Community
Register Now

Cloudflare TLSv1.3 only if using CloudFlare

Discussion in 'System Administration' started by BamaStangGuy, Oct 19, 2019.

  1. BamaStangGuy

    BamaStangGuy Premium Member Premium Member

    650
    188
    43
    May 25, 2014
    Ratings:
    +263
    Local Time:
    11:42 PM
    Is there any downside to only allowing TLSv1.3 in nginx if behind CloudFlare?
     
  2. eva2000

    eva2000 Administrator Staff Member

    44,742
    10,200
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,809
    Local Time:
    2:42 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Not all clients support TLSv1.3 so you'd want TLSv1.2 + TLSv1.3 supported
     
  3. BamaStangGuy

    BamaStangGuy Premium Member Premium Member

    650
    188
    43
    May 25, 2014
    Ratings:
    +263
    Local Time:
    11:42 PM
    I planned to leave TLSv1.2 as the minimum in CloudFlare settings but shouldn't CloudFlare connect to my server via TLSv1.3 always anyways?
     
  4. eva2000

    eva2000 Administrator Staff Member

    44,742
    10,200
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,809
    Local Time:
    2:42 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Yeah with Cloudflare Full or Full Strict SSL enabled (not Flexible SSL), Cloudflare will connect to your Centmin Mod Nginx origin via TLSv1.3 if Centmin Mod Nginx supports it which it does in 123.09beta01 and newer versions at least.