Disabled obsoleted CBC Ciphers


After a security audit, I need to disabled obsoleted CBC Ciphers (AES, ARIA, etc.).
How it is possible ? I can’t find option in my cloudflare account.


You need to purchase Advanced Certificate Manager, and then you can use the API to configure the cipher suites.

Thanks very luch Michael.
I bought an advanced certificate manager with let’s encrypt on cloudflare. he is configured.
So, now, how to disabled obsoleted CBC Ciphers (AES, ARIA, etc.) with the API ?


I use something like this:

curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/${zoneid}/settings/ciphers" -H "X-Auth-Email: ${auth_email}" -H "X-Auth-Key: ${auth_key}" -H "Content-Type: application/json" --data '{"value":["ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-ECDSA-CHACHA20-POLY1305"]}'

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.