We are having trouble finding why this warning is coming in. We use the /authorize endpoint method to redirect the user’s browser to Auth0 for authentication. In the logs we see many successful logins without the “Allow Legacy TLS” warning. Randomly we notice this warning for a few throughout the day. If all authentication follows the same path for an application, then why does 98% come through without any TLS warning? 1 out of every 30 login attempts get the TLS warning. If it was server related, then all 30 attempts should throw the TLS warning.
The only thing we can think of is being user browser related. All modern browser’s support TLS 1.2 by default however, so we don’t know how to confirm this.
Does anyone know why the TLS warning is so sporadic and where we can look to fix the issue before legacy TLS support is depreciated?