Disable all weak block ciphers with key les than 128-bit, including export ciphers

I need the procedure to be able to disable the following since the guide is very confusing someone who has done it

Disable all weak block ciphers with key les than 128-bit, including export ciphers.
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xc013)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xc027)
TLS_RSA_WITH_AES_128_GCM_SHA256(0x9c)
TLS_RSA_WITH_AES_128_CBC_SHA(0x2f)
TLS_RSA_WITH_AES_128_CBC_SHA256(0x3c)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xc014)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xc028)
TLS_RSA_WITH_AES_128_GCM_SHA384(0x9d)
TLS__RSA_WITH_AES_128_CBC_SHA(0x35)
TLS__RSA_WITH_AES_128_CBC_SHA256(0x3d)

The ciphers API sets the ciphers you want to use, not the ciphers you don’t want to use. I use the following:

curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/${zoneid}/settings/ciphers" -H "X-Auth-Email: $auth_email" -H "X-Auth-Key: $auth_key" -H "Content-Type: application/json" --data '{"value":["TLS_AES_256_GCM_SHA384","TLS_CHACHA20_POLY1305_SHA256","TLS_AES_128_GCM_SHA256","TLS_AES_256_GCM_SHA384","TLS_CHACHA20_POLY1305_SHA256","TLS_AES_128_GCM_SHA256","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-ECDSA-CHACHA20-POLY1305","ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-RSA-AES256-GCM-SHA384","ECDHE-RSA-CHACHA20-POLY1305","ECDHE-RSA-AES128-GCM-SHA256"]}'

1 Like

Do take note that this is only possible with the use of Advanced Certificate Manager (ACM).

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.