So, I am upgrading the service to java 11 which disabled the TLS versions 1.1 and 1.0 , but there are still some clients that are using 1.1. Is there going to be any compatibility issues assuming that client 1.1, CloudFlare 1.1,1.2,1.3 and api gateway 1.2 and 1.3 and service 1.2 and 1.3. I believe it shouldn’t be any issues as there are separate layers and they should adapt to the layer they are communicating with.
Should I still enable the 1.1 in the service?
Yes.
You can always check for yourself which algorithms are available, by reading the documentation of SSLContext.getInstance, which has a link to the current list of supported protocol names. As you can see, early versions of TLS continue to be supported, even in Java 21.
To all the people haughtily telling VVV to force people to upgrade: That suggestion shows a pervasive ignorance of application design. You might as well demand that applications require people to upgrade to 8K monitors.
Some applications, like banking, require modern security with no known vulnerabilities. Some other applications, however, do not require perfect security; they only need to hide information from casual observers, not from dedicated, expert attackers. Punishing users of older systems for no reason other than a developer’s laziness would be childish and unprofessional.