Disabled obsoleted CBC Ciphers

Hello,

After a security audit, I need to disabled obsoleted CBC Ciphers (AES, ARIA, etc.).
How it is possible ? I can’t find option in my cloudflare account.

Thanks

You need to purchase Advanced Certificate Manager, and then you can use the API to configure the cipher suites.

Thanks very luch Michael.
I bought an advanced certificate manager with let’s encrypt on cloudflare. he is configured.
So, now, how to disabled obsoleted CBC Ciphers (AES, ARIA, etc.) with the API ?

https://api.cloudflare.com/#zone-settings-change-ciphers-setting

I use something like this:

curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/${zoneid}/settings/ciphers" -H "X-Auth-Email: ${auth_email}" -H "X-Auth-Key: ${auth_key}" -H "Content-Type: application/json" --data '{"value":["ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-ECDSA-CHACHA20-POLY1305"]}'

1 Like