Skip to content
Cloudflare API
Start here
API Reference
Origin TLS Compliance Modes

Get Origin TLS Compliance Modes setting

origin_tls_compliance_modes.get(OriginTLSComplianceModeGetParams**kwargs) -> OriginTLSComplianceModeGetResponse
GET/zones/{zone_id}/settings/origin_tls_compliance_modes

Origin TLS Compliance Modes constrains the set of TLS key-exchange algorithms Cloudflare may use when establishing the TLS connection to the zone’s origin. The value is a list of named compliance modes (currently fips and pqh). Multiple modes are combined as the intersection of their permitted algorithm lists. An empty list (or no rule configured) means no compliance constraint is applied.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
ParametersExpand Collapse
zone_id: str

Identifier.

maxLength32
ReturnsExpand Collapse
class OriginTLSComplianceModeGetResponse:
id: Literal["origin_tls_compliance_modes"]

The identifier of the caching setting.

editable: bool

Whether the setting is editable.

value: List[str]

List of TLS compliance modes that constrain the key-exchange algorithms Cloudflare may use when establishing the TLS connection to the zone’s origin. Currently supported values are fips (FIPS-approved curves) and pqh (post-quantum hybrid). Future modes (e.g. cnsa2) may be added; clients should treat unknown values as opaque strings. Multiple modes are combined as the intersection of their permitted algorithm lists; selections whose intersection is empty are rejected. An empty list clears the constraint.

modified_on: Optional[datetime]

Last time this setting was modified.

formatdate-time

Get Origin TLS Compliance Modes setting

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
origin_tls_compliance_mode = client.origin_tls_compliance_modes.get(
    zone_id="023e105f4ecef8ad9ca31a8372d0c353",
)
print(origin_tls_compliance_mode.id)
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "origin_tls_compliance_modes",
    "editable": true,
    "value": [
      "fips",
      "pqh"
    ],
    "modified_on": "2014-01-01T05:20:00.12345Z"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "origin_tls_compliance_modes",
    "editable": true,
    "value": [
      "fips",
      "pqh"
    ],
    "modified_on": "2014-01-01T05:20:00.12345Z"
  }
}