LOG IN SIGN UP
Documentation

Verifying TLS 1.2 support

  Last updated May 04, 2018

Testing user agents

You can test user agents for TLS 1.2 protocol support using the SSL test tool from SSL Labs, or check their user agent capabilities list.

Testing API clients

We recommend reviewing the documentation for your API client to determine whether or not it supports TLS 1.2.

Modifying the hosts file

You can test your API client for TLS 1.2 protocol support by adding an entry to the /etc/hosts file on a host that contains your application. We don't recommend doing this on a production server. We've installed a certificate for api.fastly.com on an IP address that requires TLS 1.2. Adding the following entry to the /etc/hosts file will force all Fastly API requests originating from your host to use this test IP address.

151.101.1.133 api.fastly.com

Using the cURL command

You can also test your API client for TLS 1.2 protocol support by using cURL. Make the following API call in a terminal application:

curl --resolve api.fastly.com:443:151.101.1.133 https://api.fastly.com/public-ip-list

If your client supports TLS 1.2, the response will contain a list of IP addresses:

{"addresses":["23.235.32.0/20","43.249.72.0/22","103.244.50.0/24","103.245.222.0/23","103.245.224.0/24","104.156.80.0/20","151.101.0.0/16","157.52.64.0/18","172.111.64.0/18","185.31.16.0/22","199.27.72.0/21","199.232.0.0/16","202.21.128.11/32","202.21.128.12/32","203.57.145.11/32","203.57.145.12/32"]}

Another way to test your client using cURL is to explicitly force TLS 1.2 by adding the --tlsv1.2 option to the command. Make the following API call in a terminal application:

curl --tlsv1.2 https://api.fastly.com/public-ip-list

If your client works with this option, it will work after Fastly requires TLS 1.2.


Additional resources:


Back to Top