Disable Weak Cipher Suite in TLS 1.2

Hi, we need to disable weak cipher suite in TLS 1.2.

The basic certificate (Universal SSL) does not allow us to customize the cipher suite and we need to purchase “Advanced Certificate Manager”.

We have purchased “Advanced Certificate Manager” and created the digicert. As instructed we need to call the API in order to modify the cipher suite.

What’s the next step after creating the Digicert?
How do we call the API?

https://community.cloudflare.com/search?q=api%20weak%20cipher%20suite

3 Likes

Thanks sdayman, however, I’m still new to this process.
Is there a step that breaks it down for a beginner like me?

This worked for me:

curl -X PATCH "https://api.cloudflare.com/client/v4/zones/ZONE_ID/settings/ciphers" -H "X-Auth-Email: [email protected]" -H "X-Auth-Key: GLOBAL_API_KEY" -H "Content-Type: application/json" --data '{"value":["AES256-SHA","ECDHE-ECDSA-AES256-GCM-SHA384"]}'

You’ll have to edit it for your Zone ID (as found on your Overview page, Email (for your account), and Global API Key, as found in your dashboard profile.

3 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.