Unable to Maintain TLS 1.0 Communication After Upgrading from Traefik 2.8 to 2.9

Wait4Code · August 22, 2024, 9:55am

Hi,

A year ago, I deployed Traefik specifically to manage TLS 1.0 for an old legacy server. Unfortunately, this server cannot handle newer TLS versions and cannot be upgraded. My setup is straightforward: I use HTTPS with a recent TLS version between clients and Traefik, and then HTTPS with TLS 1.0 between Traefik and the legacy server. This setup allows my applications to avoid dealing with the outdated TLS protocol directly.

Today, I attempted to upgrade from version 2.8 to version 2.11, but the upgrade broke my configuration because, since version 2.9, Traefik no longer supports TLS 1.0. I noticed the "minimumVersion" TLS option, but it seems applicable only for connections between the client and Traefik, not between Traefik and the backend service.

Is there any solution that would allow me to upgrade Traefik without breaking my setup?

bluepuma77 · August 23, 2024, 6:37am

It seems there is no option to use legacy TLS in Traefik service (doc).

It’s not Traefik's job to maintain compatibility with inherent insecure old protocols and I would assume that upstream Golang libraries just completely removed old TLS support, so it’s not available in Traefik anymore.

Topic		Replies	Views
TLS minVersion: VersionTLS10 has no effect Traefik v2 docker , file , letsencrypt-acme	8	1599	November 10, 2020
TLS.MinVersion entrypoint is not working properly in Traefik 1.7.26 Traefik v1 kubernetes-ingress	4	1447	September 11, 2020
Disable TLS 1.0 and 1.1 Traefik v2 docker	5	11816	June 17, 2020
Yet another TLS issue :D Traefik v2 docker	5	717	January 29, 2020
How to disable TLS 1.0 and TLS 1.1 in Traefik 1.7.20 Traefik v1 consul , kubernetes-ingress	4	3651	May 4, 2022

Unable to Maintain TLS 1.0 Communication After Upgrading from Traefik 2.8 to 2.9

Related topics