Problem using API to disable weak TLS1.2 ciphers

Hi all,

I’ve been trying to use the API to disable weak ciphers in TLS1.2. Here’s the syntax I’m using:

curl -X PATCH "https://api.cloudflare.com/client/v4/zones/${zoneid}/settings/ciphers" \
     -H "Authorization: Bearer ${auth_token}" \
     -H "Content-Type:application/json"
     --data '{"value":["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"]}'

As far as I can tell, this is correct but I’m getting the following error:

{"success":false,"errors":[{"code":1007,"message":"Invalid value for zone setting ciphers"}],"messages":[],"result":null}

Does anyone know what I’m doing wrong? Thanks.

Cloudflare uses OpenSSL cipher suite names - they don’t begin with TLS_ and use hyphens instead of underscores.

https://developers.cloudflare.com/ssl/ssl-tls/cipher-suites/#supported-cipher-suites-by-protocol

https://api.cloudflare.com/#zone-settings-change-ciphers-setting

2 Likes

Don’t know how I missed that! Thanks for your help.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.