Proxy and Load Balancer security

I am looking for a way to disable CBC cyphers and TLS gzip support.

You can change the ciphers using Advanced Certificate Manager, which is a paid add-on.

I suspect you are concerned about known vulnerabilities like BREACH. Cloudflare have mitigations in place for these already, so disabling GZip should not be necessary. If you still want to disable gzip, you need to add a no-transform directive to your cache-control headers on your Origin.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.