As of today may 27th, 2018, Incapsula will set TLS 1.2 as the minimum supported version, by default, for connectivity between clients (visitors) and the Incapsula service. Enforcement will be gradually rolled out to customers during the week.
PCI-DSS compliance requires disabling the use of TLS 1.0 as of July 1, 2018. To comply with this requirement, and due to the known vulnerabilities in TLS 1.1, Incapsula has defined TLS 1.2 as the default minimum supported version. This also applies to the Incapsula Management Console and the Incapsula API.
For our Enterprise and Business plan customers who require the continued support of TLS 1.0 or TLS 1.1 while they prepare their customers, applications, or tools to support TLS 1.2 only, an option to maintain current functionality has been added to the UI and API.
For more information, see:
Incapsula documentation & Incapsula blog.
Posted May 27, 2018 - 14:00 UTC
Update
The date of setting TLS 1.2 as the default minimum TLS version for the connectivity between the client side and Incapsula is postponed to May 27th, 2018.
This extension allows us to address as many customer use cases as possible in a safe and monitored way, while still providing a 30-day buffer in advance of the PCI deadline to address any unique requests.