TLS 1.0/1.1 plan

[JakeChampion]

Hi,

I see you are using the legacy TLS 1.1/1.0 and 3DES certificate from Fastly. Do you have any plans for when Fastly remove legacy TLS 1.1/1.0 and 3DES support in June 2018?

[jimaek]

I will need to get in contact with them to make sure. Do you require the older TLS versions for some use-case?

[JakeChampion]

Yes, I support IE 10 and Android 4 which do not work with TLS 1.2. I was wondering if it is possible to switch provider based on TLS support using Cedexis, that could be a solution.

[jimaek]

The code runs on the DNS level so it doesn't have access to this kind of information.
We have 2 options here:

1. Work with Fastly to somehow continue the support of older TLS. I will email them today.
2. Exclude Fastly from serving to countries with high IE usage levels. Not perfect but it should solve most problems.

[jimaek]

I finally got a response from them. They said its not possible.
I am thinking about possible solution because I know Algolia also relies on the older TLS support.

I will need to talk to them but I am thinking at best disabling Fastly for countries like India where old IE is popular and at worse removing them completely.