Cloudflare does not switch TLS version


#1

Hello, dear Community

I faced with the next issue:
My site appeared as used weak ciphers (I saw it at ssllabs & when try to check it via nmap with scirpt ssl-enum-ciphers)

Story:
I have domain which maintained by CF zone. i.e - bbb.io
Subdomain use name xxx.bbb.io. I set up server to use TLS1.1 & TLS1.2. Set strong ciphers(A+ level). Test it via nmap & ssllabs. All seemed fine. After that I hide website behind CloudFlare. At Cypto tab set - minimum TLS 1.1. Changes were applied.
After that my site seems as site which used TLS1.0 and weak ciphers such as


| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Weak certificate signature: SHA1


I tried to set minimal TLS version to 1.2. It does not help. My site still appeared as used weak cipher & TLS 1.0.

What should I do in order to avoid using TLS 1.0 & weak cipher?

Thanks in advance,


#2

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.