Back to blog

Follow and Subscribe

TLS 1.2-only delivery is now available

Sean Leach

Chief Product Architect, Fastly

In February of this year, we announced our revised deprecation plan for TLS 1.0 and 1.1. As part of that plan, we promised to provide customers who wish to enforce stricter security requirements an opportunity to migrate to hosts that only support TLS connections via the TLS 1.2 protocol ahead of our planned deprecation schedule for the rest of the network. We’re happy to announce that you can now request migration to these TLS 1.2-only hosts if you’ve purchased a paid TLS option.

If you’re currently using our shared SAN or wildcard SAN options, we will add your domains to a certificate on a new TLS 1.2-only host. You’ll then need to modify your CNAME and Anycast (if applicable) DNS records to point to this new host. (We will leave the domain on both certificates during the migration period so traffic is not interrupted.)

If you’re using our customer certificate hosting option, we can disable TLS 1.0 and 1.1 on request with no further action on your part.

Keep in mind that, while TLS 1.2 is supported in all modern browsers, removing support for TLS 1.0 and 1.1 may prevent some older browsers from reaching your site over TLS.  A great breakdown of which browsers support which version of TLS is here.

If you'd like to migrate to TLS 1.2-only, or have any questions about the process, please contact our team and we'll be happy to help.