Weak ciphers from SSL Labs


You will need an Advanced Certificate or Custom Hostname (SSL 4 SaaS) to be able to modify ciphers.
Here are the only 6 ciphers you need to execute through the patch API.
You can retrieve your Global API token by going to your Profile → API Tokens
Or generate a Bearer Token with the following permission Zone → Zone Settings → Edit



I intentionally disabled TLS 1.0 and 1.1. Legacy browsers may not support this.
TLS 1.2 is automatically enabled in Google Chrome version 29 or greater
TLS 1.2 is automatically enabled in Safari version 7 or greater.
TLS 1.2 is automatically enabled in Firefox version 27 or greater.
TLS 1.2 is automatically enabled in all versions of Microsoft Edge.

SSL Labs result:

I’ll apologize ahead of time for the messy output.
I am unable to paste links, so please modify URL to make it work.

Zone Cipher API api.Cloudflare. com/#zone-settings-change-ciphers-setting
Custom Hostname (SSL 4 SaaS) Cipher API - api.Cloudflare. com/#custom-hostname-for-a-zone-create-custom-hostname
Cipher Bot Python app I made - github. com/icodefortacos/Cloudflare/blob/main/cipher-bot.py
Retrieve or Make API Token link - dash.Cloudflare. com/profile/api-tokens

curl -X PATCH “htt ps://api.Cloudflare. com/client/v4/zones/ZONEIDGOESHERE/settings/ciphers”
-H “X-Auth-Email: [email protected] com”
-H “Content-Type: application/json”

You might want use code blocks where appropriate. You can place four backticks ` on a line by themself immediately before and after your code. You can alternately use the button in editor. It’s between the quote and emoji buttons.