Question
After a routine TLS update (rotating the cert and tightening the allowed cipher/protocol list to disable older suites), a subset of clients suddenly fails to connect. The web dashboard and modern mobile apps work, but an older mobile app version, several B2B partner integrations, and some IoT devices now fail at connection setup. Server logs show TLS handshake failures ('no shared cipher' / 'unsupported protocol') for the failing clients and none for the successful ones. The error rate from these client classes went to ~100%; everyone else is unaffected. The change also dropped TLS 1.0/1.1 support. Triage, mitigate, and decide the durable path.
Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.
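
A triage sketch for the log signal described above, as an added example that is not part of the original question: it groups handshake results by client class and failure reason, then lists what each fully failing class would need restored. The key=value log format, field names and client labels are constructed assumptions; only the two error strings come from the scenario.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical key=value format; real proxy logs differ.
SAMPLE_LOG = """\
ts=2024-01-01T10:00:01Z client=web-dashboard result=ok proto=TLSv1.3
ts=2024-01-01T10:00:02Z client=mobile-app/5.2 result=ok proto=TLSv1.3
ts=2024-01-01T10:00:03Z client=mobile-app/3.1 result=fail reason="unsupported protocol"
ts=2024-01-01T10:00:04Z client=mobile-app/3.1 result=fail reason="unsupported protocol"
ts=2024-01-01T10:00:05Z client=partner-b2b result=fail reason="no shared cipher"
ts=2024-01-01T10:00:06Z client=partner-b2b result=fail reason="no shared cipher"
ts=2024-01-01T10:00:07Z client=iot-device result=fail reason="unsupported protocol"
ts=2024-01-01T10:00:08Z client=iot-device result=fail reason="no shared cipher"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def triage(log_text):
    """Return {client: {"fail_rate": float, "reasons": {reason: count}}}."""
    stats = defaultdict(lambda: {"total": 0, "reasons": defaultdict(int)})
    for line in log_text.splitlines():
        rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if "client" not in rec:
            continue  # skip lines that are not handshake records
        entry = stats[rec["client"]]
        entry["total"] += 1
        if rec.get("result") == "fail":
            entry["reasons"][rec.get("reason", "unknown")] += 1
    return {
        client: {"fail_rate": sum(e["reasons"].values()) / e["total"],
                 "reasons": dict(e["reasons"])}
        for client, e in stats.items()
    }

def rollback_scope(report):
    """For classes failing 100%, name what a scoped mitigation must re-enable."""
    needs = {"unsupported protocol": "legacy protocol version",
             "no shared cipher": "legacy cipher suite"}
    return {
        client: sorted({needs[r] for r in info["reasons"] if r in needs})
        for client, info in report.items() if info["fail_rate"] == 1.0
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for client, need in rollback_scope(report).items():
        print(f"{client}: 100% handshake failure, needs {', '.join(need)}")
```

Splitting by reason matters for the mitigation: a class that only hits 'unsupported protocol' is blocked by the TLS 1.0/1.1 removal, while 'no shared cipher' points at the tightened suite list, and the two can be rolled back independently.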