7

What is the security risk of not disabling TLS v1.1/1.2?

I have multiple websites on Cloudflare

Robert Joodat
    Are you sure you mean to disable TLS 1.1 __and TLS 1.2__ and not TLS 1.1 and __TLS 1.0__? TLS 1.2 is currently not considered a security problem but it is recommended to disable TLS 1.0. – Steffen Ullrich Jan 03 '20 at 06:22
  • In November we disabled TLS 1.1 and earlier on our systems that still supported pre-1.2 negotiation, we have not seen any obvious disruption due to that change – Richie Frame Jan 03 '20 at 10:46

2 Answers

9

Most websites intended for a general audience will want to select TLS versions based on security and browser compatibility. If you have guarantees that the clients used to connect to your website will be reasonably up to date, you may be able to depend on TLS1.3 alone.

The optimal configuration for your website will depend on a number of parameters, and the configuration will need to change over time as support for stronger protocols and ciphers is added to browsers. Likewise, you will want to disable less secure protocols and ciphers as vulnerabilities are discovered or they become disused.

Security Considerations

Newer versions of TLS provide fixes for known vulnerabilities in older TLS versions.

Specific vulnerabilities in TLS1.1 have already been discussed. For instance, a countermeasure to the Lucky13 attack is to use AEAD ciphers which became available in TLS1.2.

TLS1.3 removes support for a number of weaker ciphers and hash algorithms while adding stronger ciphers.

Compatibility Considerations

At this time, TLS1.3 is supported by the browsers of ~81% of global users, which is likely not enough to rely solely on TLS1.3.

You will likely want to additionally enable support for TLS1.2, which is currently supported by over 97% of global users. Depending on the specific demographics and requirements of your websites, you may want to disable support for TLS1.0 and TLS1.1 at this time (as many websites have already done).

Client Support

According to Can I Use, current global support as a percentage of users (as of January 2020):

| Version | Global Support |
| ------- | -------------- |
| TLS 1.0 | virtually all  |
| TLS 1.1 | 97.43%         |
| TLS 1.2 | 97.35%         |
| TLS 1.3 | 81.08%         |

Most popular browsers are phasing out support of TLS1.0 and TLS1.1 in 2020. (Source)

Server Support

Server support, as measured by Qualys SSL Labs (as of December 3, 2019):

| Version | Server Support |
| ------- | -------------- |
| TLS 1.0 | 63.4%          |
| TLS 1.1 | 73.7%          |
| TLS 1.2 | 96.2%          |
| TLS 1.3 | 17.0%          |

Many websites have already disabled support for TLS1.0 and TLS1.1. Some users with outdated clients that do not support TLS1.2 are likely receiving error messages when viewing such websites.

Other Notes

Newer TLS versions also add features that you may want to take advantage of.

TLS1.2:

  • HTTP/2: TLS1.2 is the minimum TLS version for HTTP/2, which provides additional features to speed up page load time.

TLS1.3:

  • Faster handshakes: TLS1.3 will reduce latency in establishing a secure connection.
  • Forward Secrecy: In TLS1.3, all ciphers support ephemeral key exchange. This helps to maintain security of previous connections even if your server is compromised (or, in this case, your CDN is compromised).

For optimal security, you will want to tune additional parameters for your websites. Qualys SSL Labs can help you discover and tune these settings for additional security. To name a few, consider configuring HSTS, downgrade prevention via TLS Fallback SCSV, and forward secrecy. You may not be able to control all of these settings via your CDN - some may need to be configured on your servers.

Also, do not neglect the TLS configuration of your own servers as your CDN will establish an independent TLS connection to your servers.

Austin Hartzheim
    As Austin's Client Support chart indicates, dropping TLS 1.1 support has only negligible impact on users. Once a server drops TLS 1.0 support, it makes little sense to retain TLS 1.1 support. The industry (including PCI standards) made a big push to reject TLS 1.0, but many server operators dropped TLS 1.1 at the same time since it provided no benefit. – Brian Jan 09 '20 at 15:19
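The answer above recommends checking what your CDN edge and your origin each negotiate, since they are two separate TLS endpoints. The following is an added example, not code from the answer or from Cloudflare: a stdlib-only Python probe that pins a client context to exactly one protocol version at a time and records which versions the server completes a handshake at. The finding codes in `assess()` and the `EXPLANATIONS` text are this example's own encoding of the answer's guidance (keep 1.2 and 1.3, drop 1.0 and 1.1); the script name and hosts in the usage comment are placeholders.

```python
"""Probe which TLS protocol versions an endpoint will negotiate (stdlib only)."""
import socket
import ssl
import sys

# One pinned context per version, oldest first.
VERSIONS = [
    ("TLS 1.0", ssl.TLSVersion.TLSv1),
    ("TLS 1.1", ssl.TLSVersion.TLSv1_1),
    ("TLS 1.2", ssl.TLSVersion.TLSv1_2),
    ("TLS 1.3", ssl.TLSVersion.TLSv1_3),
]

# Finding codes produced by assess(); the wording is this example's paraphrase
# of the answer's recommendation, not text from the page.
EXPLANATIONS = {
    "LEGACY_ENABLED": "TLS 1.0/1.1 still accepted: no AEAD ciphers, and browsers are dropping them",
    "NO_TLS12": "TLS 1.2 refused: most current clients cannot connect",
    "NO_TLS13": "TLS 1.3 not offered: no faster handshake, no mandatory ephemeral key exchange",
    "OK": "only TLS 1.2 and 1.3 accepted",
}


def build_probe_context(version):
    """A client context that can negotiate exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = version
    ctx.maximum_version = version
    # We are asking what the server will negotiate, not validating its chain here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Modern OpenSSL refuses TLS 1.0/1.1 at its default security level; lower it so
    # the result reflects the server's policy rather than the prober's.
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass  # e.g. LibreSSL has no security levels; old versions may still work
    return ctx


def probe(host, port=443, timeout=5.0):
    """Return {version name: True if the server completed a handshake at that version}."""
    results = {}
    for name, version in VERSIONS:
        try:
            ctx = build_probe_context(version)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                # server_hostname still sets SNI even with check_hostname off.
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[name] = tls.version() is not None
        except (ssl.SSLError, OSError, ValueError):
            # Handshake refused, connection failed, or version unsupported locally.
            results[name] = False
    return results


def assess(results):
    """Map probe results to finding codes: keep 1.2 and 1.3, drop 1.0 and 1.1."""
    findings = []
    if results.get("TLS 1.0") or results.get("TLS 1.1"):
        findings.append("LEGACY_ENABLED")
    if not results.get("TLS 1.2"):
        findings.append("NO_TLS12")
    if not results.get("TLS 1.3"):
        findings.append("NO_TLS13")
    return findings or ["OK"]


if __name__ == "__main__":
    # Usage: python tls_probe.py edge.example.com origin.example.com
    # Run it against the CDN edge and the origin separately: they are two TLS endpoints.
    if len(sys.argv) < 2:
        sys.exit("usage: tls_probe.py HOST [HOST ...]")
    for target in sys.argv[1:]:
        res = probe(target)
        print(target, {k: ("yes" if v else "no") for k, v in res.items()})
        for code in assess(res):
            print("  -", EXPLANATIONS[code])
```

Because each context pins `minimum_version == maximum_version`, a completed handshake proves the server accepts that exact version; no parsing of the negotiated version string is needed. Certificate verification is deliberately off so that a name mismatch on the origin (common when the CDN fronts it under a different hostname) does not mask a version result.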
-2

As more vulnerabilities and exploits come out, an attacker can downgrade their communication method to exploit the older versions of TLS.
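The second answer's concern (an attacker forcing the connection down to an older version) and the first answer's mention of downgrade prevention via TLS Fallback SCSV are addressed by two concrete mechanisms, shown here as an added example that is not part of either answer: RFC 7507's `TLS_FALLBACK_SCSV` signalling cipher suite (0x5600), which lets a server refuse a ClientHello that is both flagged as a retry and offering less than the server supports, and RFC 8446 §4.1.3's downgrade sentinel, where a TLS 1.3 server that ends up negotiating 1.2 or lower writes `DOWNGRD\x01` or `DOWNGRD\x00` into the last 8 bytes of `ServerHello.random` so that a 1.3-capable client can abort. The parser handles only the fields it needs (no session resumption, no HelloRetryRequest), and the sample messages are constructed by the builders at the bottom, not captured traffic; the function and field names are this example's own.

```python
"""Detect the two TLS downgrade signals: TLS_FALLBACK_SCSV (RFC 7507) and the
TLS 1.3 ServerHello.random sentinel (RFC 8446 section 4.1.3)."""
import struct

TLS_FALLBACK_SCSV = 0x5600                         # RFC 7507 signalling cipher suite
EXT_SUPPORTED_VERSIONS = 43                        # RFC 8446 section 4.2.1
DOWNGRADE_SENTINELS = {                            # keyed by the version actually negotiated
    0x0303: bytes.fromhex("444f574e47524401"),    # "DOWNGRD\x01": 1.3 server settled on 1.2
    0x0302: bytes.fromhex("444f574e47524400"),    # "DOWNGRD\x00": 1.3 server settled on <=1.1
    0x0301: bytes.fromhex("444f574e47524400"),
}


def _handshake_body(record, expected_type):
    """Strip the 5-byte record header and 4-byte handshake header, checking both types."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or hs[0] != expected_type:
        raise ValueError("truncated record or unexpected handshake type")
    hs_len = int.from_bytes(hs[1:4], "big")
    return hs[4:4 + hs_len]


def parse_client_hello(record):
    """Return client_version and the offered cipher suite list of a ClientHello."""
    body = _handshake_body(record, 0x01)
    client_version = int.from_bytes(body[0:2], "big")
    pos = 34                                       # 2-byte version + 32-byte random
    pos += 1 + body[pos]                           # legacy_session_id
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    suites = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]
    return {"client_version": client_version, "cipher_suites": suites}


def server_rejects_fallback(client_hello, server_max_version):
    """RFC 7507: SCSV present and the client offers less than the server's highest
    version means a downgraded retry; the server answers inappropriate_fallback."""
    return (TLS_FALLBACK_SCSV in client_hello["cipher_suites"]
            and client_hello["client_version"] < server_max_version)


def parse_server_hello(record):
    """Return the negotiated version and the 32-byte random of a ServerHello."""
    body = _handshake_body(record, 0x02)
    negotiated = int.from_bytes(body[0:2], "big")  # legacy_version
    random = body[2:34]
    pos = 34
    pos += 1 + body[pos]                           # session id
    pos += 2 + 1                                   # cipher suite + compression method
    if pos + 2 <= len(body):                       # extensions present
        ext_len = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype = int.from_bytes(body[pos:pos + 2], "big")
            esize = int.from_bytes(body[pos + 2:pos + 4], "big")
            if etype == EXT_SUPPORTED_VERSIONS:    # TLS 1.3 carries the real version here
                negotiated = int.from_bytes(body[pos + 4:pos + 6], "big")
            pos += 4 + esize
    return {"version": negotiated, "random": random}


def client_detects_downgrade(server_hello, client_max_version=0x0304):
    """RFC 8446 section 4.1.3: a 1.3-capable client that lands on <=1.2 and sees the
    sentinel in the last 8 bytes of ServerHello.random must abort the handshake."""
    if client_max_version < 0x0304:
        return False                               # a legacy client cannot use the sentinel
    sentinel = DOWNGRADE_SENTINELS.get(server_hello["version"])
    return sentinel is not None and server_hello["random"][-8:] == sentinel


# Builders for constructed sample messages (test data, not captured traffic).
def build_client_hello(client_version, suites):
    body = struct.pack("!H", client_version) + bytes(32) + b"\x00"   # zero random, no session
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                            # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def build_server_hello(legacy_version, random, supported_version=None):
    body = struct.pack("!H", legacy_version) + random + b"\x00" + b"\xc0\x2f\x00"
    if supported_version is not None:
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, supported_version)
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

Both checks only help when the newer version is still enabled on the server: a server that offers nothing above TLS 1.2 never writes the sentinel, and a server that already accepts TLS 1.0 has nothing to reject a fallback to. That is the practical reason the protection discussed here and the version pruning in the first answer go together.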