How do I enabled legacy TLS on my NodeBalancer?
I am looking to deploy a web service that will support Internet Explorer 6-8. I need to be able to enable legacy TLS on my NodeBalancer. How can I do this?
As a note: Keep in mind that enabling legacy TLS protocols will not allow for the strongest SSL/TLS connections.
Enabling legacy TLS on your NodeBalancer can only be done through the Linode API. Here are a few guides that will help you get started if you have not used our API before:
Getting Started with the Linode API
Using the Linode CLI is not necessary to use our API but it can provide a great tool to use in conjunction with our API. In this guide I will be referencing the CLI commands, but you can also reference our API Documentation to view the corresponding commands.
Before you get started please make sure you create a Personal Access Token in your Cloud Manager.When that's done you can begin configuring your NodeBalancer. In order to open the configuration of the correct NodeBalancer you will need to know the nodebalancer id as well as the configuration id. Please be aware that these are separate values and I will show you how to find each:
linode-cli nodebalancers list
This will show you the nodebalancer id on the lefthand most box.
linode-cli nodebalancers configs-list <nodebalancer id=""></nodebalancer>
This will show you the configuration id on the lefthand most box.
Once you have those values you can update your Cipher Suite configuration by entering the following command:
linode-cli nodebalancers config-update --cipher_suite legacy <nodebalancer id> <configuration id>
Here is an example to offer clarity:
linode-cli nodebalancers config-update --cipher_suite legacy 59463 55373
This should be all you need to do. The command will update the configuration automatically so there is no need to restart any services. I hope this information was helpful to you. If you have any other questions or if you need anything else please let us know.
What you want to do is a VERY BAD idea. Your users should stop using IE 6-8. If a newer version of IE is not supported by their platform(s), they should move to Chrome or Firefox.
If they can't do that because they use ActiveX, you should take the revenue hit and drop them.
IE is and always has been a Trojan horse. You should just say no.