Issue¶

Following a security scan of your application, you may find warnings that inform you that the TLS 1.1 protocol has been detected on your load balancers and is impacting your security score. To improve your security score, this protocol will need to be disabled.

Resolution¶

Here are some example scenarios to help remove TLS 1.1 from your application:

Application with dedicated load balancers¶

If your application is using dedicated load balancers, you can request that TLS 1.1 be disabled via a support ticket.

Application that makes use of an elastic load balancer¶

If you are using and Elastic Load Balancer, we are unable to disable TLS 1.1 at this time. In this instance we would advise in updating your DNS to point to your dedicated load balancers, install your SSL certificates using the Standard (non-legacy) method and request that TLS 1.1 be disabled there (if necessary).

Application that uses shared load balancers¶

If your application is using shared load balancers and you wish to have TLS 1.1 removed, you will need to have dedicated load balancers provisioned. For further information regarding this please contact Acquia Support via a support ticket.

Application that uses a CDN¶

If you are detecting TLS 1.1 or lower in your scan, then this can be managed via your CDN provider. Please contact them in order to disable in this situation. If you are making use of Acquia Cloud Edge, please file a ticket with Acquia Support.