---
title: "Upgrading to TLS 1.2 using Cloudflare"
description: "Upgrading to TLS 1.2 using Cloudflare"
canonical_url: "https://www.bigbinary.com/blog/upgrading-tls-using-cloudflare"
markdown_url: "https://www.bigbinary.com/blog/upgrading-tls-using-cloudflare.md"
---

# Upgrading to TLS 1.2 using Cloudflare

Upgrading to TLS 1.2 using Cloudflare

- Author: Ghouse Mohamed
- Published: August 3, 2023
- Categories: Misc

[NeetoCal](https://neeto.com/neetocal) is one of the products built under
[neeto](https://neeto.com). NeetoCal makes it easier to manage meetings. We
wanted to allow users to use Zoom as one of the ways to have online meetings. We
submitted the NeetoCal app for approval to the Zoom team. The Zoom security team
notified us that they could not approve the app, because the app was supporting
TLS 1.0 and TLS 1.1.

![zoom tls issues](https://www.bigbinary.com/blog/images/images_used_in_blog/2023/upgrading-tls-using-cloudflare/zoom-tls-issue.png)

We checked with SSLlabs and it said the same thing: the servers support TLS 1.0
and TLS 1.1.
![support for older TLS](https://www.bigbinary.com/blog/images/images_used_in_blog/2023/upgrading-tls-using-cloudflare/older-tls-support.png)

TLS 1.0 was published in 1999, and TLS 1.1 was published in 2006. Microsoft and
other companies don't support these two versions of TLS. Even Heroku
[doesn't support](https://help.heroku.com/G0YVUNPG/how-do-i-disable-support-for-tls-1-0-or-1-1-on-a-heroku-app)
it.

All our Neeto applications are hosted on Heroku. If Heroku doesn't support TLS
1.0 and TLS 1.1, how come the server supports these older versions of TLS?

## Solving the TLS issue using Cloudflare

We use [Cloudflare](https://www.cloudflare.com/) as our DNS server for all Neeto
products. Cloudflare allows us to proxy the request. It means that when the user
hits neetocal.com, their request is not going to Heroku. Cloudflare will
intercept the request, and then Cloudflare will make a request to the Heroku
server on behalf of the user. When Cloudflare makes this request to Heroku will
use its own SSL certificate.

Cloudflare allows us to have control over the "Minimum TLS version" to support.
We configured Cloudflare to not support TLS 1.0 and TLS 1.1.

The following video goes into step-by-step detail on how we configured this in
Cloudflare.

<iframe
  width="560"
  height="315"
  src="https://www.youtube.com/embed/sED8_Qwmi2w"
  title="Upgrading to TLS 1.2 using Cloudflare"
  frameborder="0"
  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
  allowfullscreen
></iframe>

[CDN77](https://www.cdn77.com/tls-test) is the service we used in the video to
check the TLS version.

## Links

- [Human page](https://www.bigbinary.com/blog/upgrading-tls-using-cloudflare)