Cloudflare Docs
SSL/TLS
SSL/TLS
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Customize cipher suites — Edge certificates

With Advanced Certificate Manager or within SSL for SaaS, you can restrict connections to specific cipher suites. Currently, this functionality is only available when using the API:

​​ Cipher suite values

​​ TLS 1.2 or lower

To specify certain cipher suites, include an array of applicable cipher suites used for TLS 1.2 or lower in the value field. Cloudflare offers a list of recommended ciphers by security requirements, but you can also refer to the full list of supported ciphers.

​​ TLS 1.3

You cannot set specific TLS 1.3 ciphers.

Instead, you will need to enable TLS 1.3 for your entire domain and Cloudflare will use all applicable TLS 1.3 cipher suites.

In combination with this, you can still restrict specific ciphers for TLS 1.0-1.2.

​​ Reset to default values

To reset to the default cipher suites, send an empty array in the value field.