The Curity Identity Server supports versions 1.0, 1.1, 1.2, and 1.3 of the Transport Layer Security protocol.
By default, only TLSv1.2 is enabled on Curity Identity Server for server-side transport security.
TLSv1.0 and TLSv1.1 have well known security issues and are disabled by default due to that reason. However, they can be explicitly enabled via the enable-tls-1.0 and enable-tls-1.1 service role configuration settings respectively. A use case for this can be the requirement to accept connections from older devices or legacy software, which may not support the more recent TLS versions.
enable-tls-1.0
enable-tls-1.1
TLSv1.3 is disabled by default due to possible compatibility issues with previous setups, namely for mutual TLS. However, it can be explicitly enabled via the enable-tls-1.3 service role configuration setting.
enable-tls-1.3
For details on the configuration model, see the Configuration Reference.