Recent PCI Audit not satisfied due to security issues identified in report

Hi there,

We’ve been using Cloudflare to protect our site since 2019, and it’s been working great for us. All traffic to our site goes through Cloudflare first.

Recently, we received a report from Security Metrics, who conduct our annual PCI compliance audit. The report highlights some issues related to connecting through Cloudflare. Given Cloudflare’s strong focus on security, we suspect that these issues—such as old versions of TLS and outdated cipher suites—might be configurable on our end.

Could you guide us on how to adjust our settings to meet PCI compliance requirements? We have the report ready for you to review.

Thank you!

TLS can be set here:

Cipher suites can be set like this:
