TLS 1.2-only delivery is now available

In February of this year, we announced our revised deprecation plan for TLS 1.0 and 1.1. As part of that plan, we promised to provide customers who wish to enforce stricter security requirements an opportunity to migrate to hosts that only support TLS connections via the TLS 1.2 protocol ahead of our planned deprecation schedule for the rest of the network. We’re happy to announce that you can now request migration to these TLS 1.2-only hosts if you’ve purchased a paid TLS option.

If you’re currently using our shared SAN or wildcard SAN options, we will add your domains to a certificate on a new TLS 1.2-only host. You’ll then need to modify your CNAME and Anycast (if applicable) DNS records to point to this new host. (We will leave the domain on both certificates during the migration period so traffic is not interrupted.)

If you’re using our customer certificate hosting option, we can disable TLS 1.0 and 1.1 on request with no further action on your part.

Keep in mind that, while TLS 1.2 is supported in all modern browsers, removing support for TLS 1.0 and 1.1 may prevent some older browsers from reaching your site over TLS.  A great breakdown of which browsers support which version of TLS is here.

If you'd like to migrate to TLS 1.2-only, or have any questions about the process, please contact our team and we'll be happy to help.

Sean Leach
Chief Product Architect
Published

1 min read

Want to continue the conversation?
Schedule time with an expert
Share this post
Sean Leach
Chief Product Architect

Sean is Chief Product Architect at Fastly, where he focuses on driving the product and technology strategy, security and network research, as well as evangelizing Fastly globally.

Ready to get started?

Get in touch or create an account.

Try Fastly FreeTalk to an expert
Fastly
© Fastly 2024