Change in behavior ID411879

There are quite a few threads open here in the forum, all indicating SSL handshake issues when upgrading from a version < 11.4.0 to a version >= 11.4.0. The reason for all these issues seems to be the change in behavior ID411879 (from version 11.4.0), which is described as follows:

For serverssl profiles, the system uses TLS in the following way: TLS1.2, then TLS1.1 and TLS1.0.
Previously, it was TLS1, TLS1.2 and TLS1.1.
This might result in unexpected status settings for existing virtual servers configured in previous releases.

But is there anybody, who can explain the internal logic/algorithm behind that? I mentioned it already in another thread **_what kind of sense makes an order if the second or third option will never be used, when the first one fails?_**

I don't think this is a bug, but is more related to the standard SSL handshake process. But I haven't the required knowledge in detail to explain and/or understand this behavior.

I hope we can finally solve this topic.

Thank you!

Ciao Stefan 🙂