3

I have a site bound to a TLS v1.2 certificate. Can clients that only support TLS 1.0 or 1.1 still communicate over port 443 with my site? I.e., will the web server drop down to TLS 1.0 or 1.1 if it determines that a given client is not capable of negotiating TLS 1.2? Is the TLS v1.2 certificate capable of accommodating TLS 1.0 and/or TLS 1.1?

JTW

1 Answer

6

Cert will work fine with any SSL/TLS version. Run Test to make sure.

There is no such thing as a "TLS 1.2 certificate". (It'll be an "X.509 v3" certificate.) And it'll support any existing SSL/TLS version. You'll be fine.

> will the web server drop down to TLS 1.0 or 1.1 if it determines that a given client is not capable of negotiating TLS 1.2?

Yes, if you configure your web server to support more than one protocol version, then the version negotiation will settle for the highest version supported by both client and server.

But to make sure just run your site through the SSL Labs tester: https://www.ssllabs.com/ssltest/

StackzOfZtuff
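The version negotiation described in the answer above, as an added example that is not part of the original post: a small model of the TLS 1.0 to 1.2 rule (RFC 5246, Appendix E.1), showing which clients connect to a multi-version server and which fail against a TLS 1.2-only server. The wire version codes are the real protocol values; the function names and client profiles are constructed for illustration.

```python
# Added illustration: models TLS 1.0-1.2 version negotiation (RFC 5246, App. E.1).
# Wire codes are the real protocol version numbers; the profiles are constructed.
WIRE = {"TLSv1.0": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}
NAME = {code: name for name, code in WIRE.items()}


def client_hello_version(client_enabled):
    """A pre-1.3 ClientHello carries one version field: the client's highest."""
    return max(WIRE[v] for v in client_enabled)


def server_select(hello_version, server_enabled):
    """Server answers with its highest enabled version <= the client's offer,
    or None (protocol_version alert) when it has nothing that low."""
    usable = [WIRE[v] for v in server_enabled if WIRE[v] <= hello_version]
    return max(usable) if usable else None


def negotiate(client_enabled, server_enabled):
    """Return the negotiated version name, or None if the handshake fails."""
    chosen = server_select(client_hello_version(client_enabled), server_enabled)
    # The client aborts if the server picked a version the client has disabled.
    if chosen is None or NAME[chosen] not in client_enabled:
        return None
    return NAME[chosen]


def audit(server_enabled, clients):
    """Map each client profile name to the version it would end up on."""
    return {name: negotiate(vers, server_enabled) for name, vers in clients.items()}


# Constructed client profiles for illustration.
CLIENTS = {
    "legacy (1.0 only)": ["TLSv1.0"],
    "older (1.0-1.1)": ["TLSv1.0", "TLSv1.1"],
    "modern (1.2 only)": ["TLSv1.2"],
    "broad (1.0-1.2)": ["TLSv1.0", "TLSv1.1", "TLSv1.2"],
}

if __name__ == "__main__":
    for label, server in [("server: 1.0-1.2", ["TLSv1.0", "TLSv1.1", "TLSv1.2"]),
                          ("server: 1.2 only", ["TLSv1.2"])]:
        print(label)
        for client, result in audit(server, CLIENTS).items():
            print(f"  {client:20} -> {result or 'handshake fails'}")
```

The certificate plays no part in this model, which matches the answer: the outcome depends only on which protocol versions each side has enabled.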