SSLAbs showing weak ciphers

We have a client that is failing PCI because their site is showing weak ciphers. We checked the server and looked at IISCrypto and don’t show these enabled. Is there something in Cloudflare that I am missing?

Hi there,

You can disable weak ciphers from the API if you have advanced certificates:

Take care.

1 Like

We have Total-TLS enabled. Would that count as advanced certificates?

I updated the custom hostname to TLS 1.3 and that seems to have removed the weak ciphers.

1 Like

So we found these link that I think we can do it through the API but not seeing if we can do this by hostname? We have some older clients and if we had to do this for the entire zone don’t know if it would cause issues.

Cloudflare API Documentation
Disable weak cipher suites · Cloudflare SSL/TLS docs

Maybe we are just missing it.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.