Cipher suites - Troubleshooting
If you encounter issues with edge certificate cipher suites, refer to the following scenarios.
Compatibility with Minimum TLS Version
When you adjust the setting used for your domain’s Minimum TLS Version, your domain only allows HTTPS connections using that TLS protocol version.
This setting can cause issues if you are not supporting TLS 1.2 ciphers on your domain. If you experience issues, review your domain’s Minimum TLS Version setting and Cloudflare’s supported cipher list.
Compatibility with certificate type
If you upload a custom certificate, make sure the certificate matches your chosen cipher suites.
For example, if you have upload an RSA certificate, your cipher suite selection cannot only support ECDSA certificates.
TLS 1.3 settings
You cannot set specific TLS 1.3 ciphers.
Instead, you will need to enable TLS 1.3 for your entire domain and Cloudflare will use all applicable TLS 1.3 cipher suites.
In combination with this, you can still restrict specific ciphers for TLS 1.0-1.2.