web-servicessslserver-to-server

Webservice between a TLS 1.0 server & TLS 1.1 server


So i think i know the answer to this but wanted to check.

If i allow customers/supplier to send orders via a Webservice and/or http post and my server is running TLS 1.0 and i upgrade to TLS 1.1/1.2 and the customers/suppliers are still using TLS 1.0 i presume that this interface will stop working and therefore my customers need to upgrade to TLS 1.1 or 1.2 at least as well to continue working?

Does anyone know if there is a matrix that shows compatibility between different versions so I can work out in what scenarios it will work?

Thanks in advance?

regards

Mark


Solution

  • Expose a new TLS 1.2-only endpoint (on a different subdomain) so your customers can migrate at their own pace. Inform them you'll be retiring the old endpoint soon and they need to address their crypto where necessary. When the deadline comes, CNAME your old endpoint to your new one.

    This is a controversial approach, but it is also production, in real life, so you just gotta do what you gotta do.