SSL / TLS cipher order

What is the name of the domain?

/

What is the error number?

/

What is the error message?

/

What is the issue you’re encountering?

/

What steps have you taken to resolve the issue?

/

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

What are the steps to reproduce the issue?

Hey everyone,

I ran a security scan on my web app and got a great score (98%), but I still have one issue related to cipher order. The scan result states:

Verdict: Your web server does not prefer ‘Good’ over ‘Sufficient’ over ‘Phase out’ ciphers (‘II’).

I’m using Cloudflare as a reverse proxy, and I’ve already set the security settings to the maximum level:
✅ TLS 1.2 minimum version (1.3 supported)
✅ Full (strict) SSL mode
✅ Always use HTTPS enabled

Despite this, I’m still getting the warning about cipher order. It seems like Cloudflare does not prioritize strong ciphers over weaker ones.

Has anyone else encountered this issue? Is there a way to enforce a stricter cipher preference on Cloudflare, or is this something that Cloudflare handles internally?

Any advice would be appreciated!

Thanks!

You can either set the minimum TLS version to 1.3 or get the ACM add-on, which allows you to disable specific ciphers.

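The ordering check behind the scan verdict, and the effect of the two options in the reply, as an added example that is not part of the original thread. The cipher lists, their order and the Good/Sufficient/Phase out labels are constructed for illustration; they are neither the scanner's own table nor Cloudflare's actual configuration.

```python
# Added example. SAMPLE is constructed: the order and the tier labels are
# assumptions, not the scanner's table and not Cloudflare's real cipher order.
RANK = {"good": 0, "sufficient": 1, "phase out": 2}
VERSIONS = ["TLSv1.2", "TLSv1.3"]

# Server preference order per protocol version, most preferred first.
SAMPLE = {
    "TLSv1.3": [("TLS_AES_128_GCM_SHA256", "good"),
                ("TLS_AES_256_GCM_SHA384", "good"),
                ("TLS_CHACHA20_POLY1305_SHA256", "good")],
    "TLSv1.2": [("ECDHE-RSA-AES128-GCM-SHA256", "good"),
                ("ECDHE-RSA-AES128-SHA", "sufficient"),
                ("AES128-GCM-SHA256", "phase out"),
                ("ECDHE-RSA-AES256-GCM-SHA384", "good"),
                ("ECDHE-RSA-AES256-SHA384", "sufficient")],
}

def inversions(order):
    """(weaker, stronger) pairs where the weaker cipher is preferred first."""
    found = []
    for i, (weak, weak_tier) in enumerate(order):
        for strong, strong_tier in order[i + 1:]:
            if RANK[strong_tier] < RANK[weak_tier]:
                found.append((weak, strong))
    return found

def ciphers_to_disable(order):
    """Ciphers ranked ahead of a strictly better one. Disabling them leaves
    a compliant order and never removes a top-tier cipher."""
    drop, best_later = [], max(RANK.values())
    for name, tier in reversed(order):
        if RANK[tier] > best_later:
            drop.append(name)
        best_later = min(best_later, RANK[tier])
    return drop[::-1]

def audit(config, min_version="TLSv1.2"):
    """Inversions per protocol version still enabled at this minimum."""
    enabled = VERSIONS[VERSIONS.index(min_version):]
    return {v: inversions(config[v]) for v in enabled if v in config}

if __name__ == "__main__":
    print("min TLS 1.2:", audit(SAMPLE))
    print("min TLS 1.3:", audit(SAMPLE, "TLSv1.3"))
    print("disable    :", ciphers_to_disable(SAMPLE["TLSv1.2"]))
```

In this sample, raising the minimum version removes the TLS 1.2 list entirely, while disabling the two flagged ciphers keeps TLS 1.2 available with a compliant order.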
