What is the right way to set TLSv1.2 protocol while configuring virtual host?

I want to allow only TLSv1.2 protocol via my secure virtual host. So, I configured the virtual host with the protocol field set as follows:

"protocols": [
      "TLSv1.2"
    ]

However, it still allows the protocols TLSv1 and TLSv1.1. It doesn't allow SSLv3, which is working as expected.

I think the way I have set the protocol field to TLSv1.2 is possibly wrong. Can someone suggest the right way to set the TLSv1.2 protocol for configuring the virtual host?


After some experiments in my own org, I have figured out that I had set the protocol field correctly. That is, if you want to allow

a) only TLSv1.2 protocol for a specific virtual host, then set the protocols field as follows:

"protocols": [
      "TLSv1.2"
    ]

b) TLSv1.1 and TLSv1.2 protocols for a specific virtual host, then set the protocols field as follows:

"protocols": [
      "TLSv1.2",
      "TLSv1.1"
    ]

and so on and so forth.

However, I was not able to understand why it allowed TLSv1 and TLSv1.1 protocols in the other org (let's say "org2") even though I had set only TLSv1.2 protocol.

One more strange thing that happened today was - I tried setting different protocols again in the "org2" for a virtual host and experimenting. Finally I set only "TLSv1.2". Booooom!! all of a sudden it started working fine for "org2" as well. That is, it started allowing only TLSv1.2 protocol.

I haven't been able to figure out what the issue was earlier and what made it work now.

I am curious if there was something malformed in your original configuration. As you describe it is how the system works. If you had misspelled "protocols" then that part of the payload would be ignored and the defaults would be used. Is that perhaps what occurred in your first example?
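
The failure mode raised in the last reply (a misspelled "protocols" key being ignored, so the defaults apply) can be caught before the payload is submitted. The Python lint below is an added example, not part of the original thread or of the product's own tooling; the sample payload, its `tls` wrapper and the `TLSv1.3` entry are assumptions, and the key name and protocol strings are taken as written in the thread.

```python
import difflib
import json

# Protocol strings in the form used in the thread; "TLSv1.3" is an added assumption.
KNOWN = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: the "tls" wrapper and "name" field are hypothetical.
SAMPLE_TYPO = '{"name": "secure", "tls": {"protocol": ["TLSv1.2"]}}'


def walk(node, path=""):
    """Yield (path, key, value) for every key in a nested JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            yield here, key, value
            yield from walk(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk(item, f"{path}[{i}]")


def lint_vhost(payload_text):
    """Return a list of findings for a virtual host JSON payload."""
    findings, found = [], False
    for path, key, value in walk(json.loads(payload_text)):
        if key == "protocols":
            found = True
            if not isinstance(value, list) or not value:
                findings.append(f"{path}: must be a non-empty list")
                continue
            for proto in value:
                if not isinstance(proto, str) or proto not in KNOWN:
                    findings.append(f"{path}: unrecognized value {proto!r}")
                elif proto in LEGACY:
                    findings.append(f"{path}: legacy protocol {proto!r} enabled")
        elif difflib.get_close_matches(key.lower(), ["protocols"], n=1, cutoff=0.8):
            # Near-miss spelling or wrong case: the field would be silently dropped.
            findings.append(f"{path}: key {key!r} is not 'protocols' and would be ignored")
    if not found:
        findings.append("no 'protocols' key: server defaults would apply")
    return findings


if __name__ == "__main__":
    for finding in lint_vhost(SAMPLE_TYPO):
        print(finding)
```

A clean lint only shows the payload is well formed; which protocol versions the virtual host actually accepts still has to be confirmed with a handshake test, as the poster did.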