A vendor offers a mobile app for tracking vehicles & this app links back to their server in Azure cloud.
We install this app on our corporate mobile devices. We have
a) iPhone 5 on IOS 10.x
b) certain iPad models on IOS 9.x
c) Android phones on Android 4.4
Vendor told us they can't enforce TLS1.2 on their app as they have other customer (also in transport
related industry) with mobile devices still using Android 4.x, thus they'll to still permit TLS1.0 & 1.1.
Is this enforcement of TLS version something that's done at the server end (in the cloud) or at the
mobile app side?
The vendor currently supports only 1 version of the mobile app, thus they can't customize this app
specifically for us just to enforce certain TLS version as advised by them.
What's the highest version of TLS (1.2, 1.1 or 1.0) that IOS 9.x and Android 4.4 could support?
Anyone know if mobile apps can be made to go for TLS 1.2 first, failing which, it'll fall back to
1.1 & if this fails, then 1.0 ? If it can be done, is this at server or client end?
Suppose there's a load balancer (eg: F5 or A10) at the server end, does the cert installed at
the loadbalancer matters where TLS version support is concerned?