With Traffic Policy, you can prevent obsolete and potentially vulnerable browsers, SDKs, or CLI tools like curl from attempting to access your API. This rule:
  1. Uses the conn.tls.version connection variable to check the incoming request’s TLS version.
  2. Rejects versions below 1.3 with a 401 Unauthorized response.
```yaml
on_http_request:
  - name: Reject requests using old TLS versions
    expressions:
      - conn.tls.version < '1.3'
    actions:
      - type: custom-response
        config:
          status_code: 401
          # Quoted because the text contains ": ", which is invalid in a plain YAML scalar
          body: "Unauthorized: TLS version too old"
```
See the custom-response Traffic Policy action docs for more information.
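To confirm the rule is live, the following added example (not part of the ngrok documentation) pins a client to one TLS version at a time and checks for the rule's 401 body. The hostname passed on the command line is your own endpoint, and treating a refused handshake as "blocked" is an assumption of this script.

```python
import http.client
import ssl
import sys

RULE_BODY = "Unauthorized: TLS version too old"  # body set by the rule above
VERSIONS = {"1.2": ssl.TLSVersion.TLSv1_2, "1.3": ssl.TLSVersion.TLSv1_3}


def probe(host, version, path="/", port=443, timeout=10):
    """Request `path` with the client pinned to one TLS version.

    Returns (status, body_prefix), or (None, "handshake-failed") when the
    TLS handshake is refused before any HTTP response is sent.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ctx.maximum_version = VERSIONS[version]
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read(256).decode("utf-8", "replace")
    except (ssl.SSLError, ConnectionResetError):
        return None, "handshake-failed"
    finally:
        conn.close()


def check(results):
    """results maps TLS version -> probe() outcome; returns a list of problems."""
    problems = []
    for version, (status, body) in sorted(results.items()):
        # A 401 without the rule's body is the upstream API's own auth, not this rule.
        blocked = status is None or (status == 401 and RULE_BODY in body)
        should_block = version < "1.3"  # same string comparison the rule uses
        if should_block and not blocked:
            problems.append(f"TLS {version} was served (HTTP {status})")
        elif blocked and not should_block:
            problems.append(f"TLS {version} was rejected ({status or body})")
    return problems


if __name__ == "__main__":
    host = sys.argv[1]  # hostname of the endpoint the policy is attached to
    problems = check({v: probe(host, v) for v in VERSIONS})
    print("\n".join(problems) or "policy behaves as expected")
    sys.exit(1 if problems else 0)
```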