Origin TLS Compliance Modes

resource cloudflare_origin_tls_compliance_modes

required
zone_id: String

Identifier.

value: List[String]

List of TLS compliance modes that constrain the key-exchange algorithms Cloudflare may use when establishing the TLS connection to the zone’s origin. Currently supported values are fips (FIPS-approved curves) and pqh (post-quantum hybrid). Future modes (e.g. cnsa2) may be added; clients should treat unknown values as opaque strings. Multiple modes are combined as the intersection of their permitted algorithm lists; selections whose intersection is empty are rejected. An empty list clears the constraint.

computed
id: String

Identifier.

editable: Bool

Whether the setting is editable.

modified_on: Time

Last time this setting was modified.

cloudflare_origin_tls_compliance_modes

resource "cloudflare_origin_tls_compliance_modes" "example_origin_tls_compliance_modes" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  value   = ["fips", "pqh"]
}

data cloudflare_origin_tls_compliance_modes

required
zone_id: String

Identifier.

computed
id: String

Identifier.

editable: Bool

Whether the setting is editable.

modified_on: Time

Last time this setting was modified.

value: List[String]

List of TLS compliance modes that constrain the key-exchange algorithms Cloudflare may use when establishing the TLS connection to the zone’s origin. Currently supported values are fips (FIPS-approved curves) and pqh (post-quantum hybrid). Future modes (e.g. cnsa2) may be added; clients should treat unknown values as opaque strings. Multiple modes are combined as the intersection of their permitted algorithm lists; selections whose intersection is empty are rejected. An empty list clears the constraint.

cloudflare_origin_tls_compliance_modes

data "cloudflare_origin_tls_compliance_modes" "example_origin_tls_compliance_modes" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
}
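
The following configuration is an added example, not part of the provider's own documentation. It passes the mode list through as opaque strings (no allow-list of names, so a future mode is left for the API to accept or reject), lets an empty list clear the constraint, and reads the setting back through the data source to flag drift. The variable names, resource labels and check name are assumptions; it also assumes Terraform 1.5 or later for check blocks, a Cloudflare provider configured elsewhere, and that a cleared constraint reads back as an empty list.

```hcl
# Added example; variable names, resource labels and the check name are assumptions.
variable "zone_id" {
  type = string
}

variable "origin_tls_modes" {
  description = "Compliance modes for origin connections; [] clears the constraint."
  type        = list(string)
  default     = ["fips", "pqh"]

  # Local hygiene only (not an API rule): no blank or repeated entries.
  # Deliberately no allow-list of mode names, so a future mode such as
  # "cnsa2" passes through as an opaque string and the API decides.
  validation {
    condition = (
      alltrue([for m in var.origin_tls_modes : trimspace(m) != ""]) &&
      length(distinct(var.origin_tls_modes)) == length(var.origin_tls_modes)
    )
    error_message = "origin_tls_modes must not contain blank or duplicate entries."
  }
}

resource "cloudflare_origin_tls_compliance_modes" "origin" {
  zone_id = var.zone_id
  value   = var.origin_tls_modes
}

# Re-read the setting after apply and flag drift between what was requested
# and what the zone reports. A failed check is a warning, not a failed apply.
check "origin_tls_modes_applied" {
  data "cloudflare_origin_tls_compliance_modes" "readback" {
    zone_id    = var.zone_id
    depends_on = [cloudflare_origin_tls_compliance_modes.origin]
  }

  assert {
    condition = (
      sort(var.origin_tls_modes) ==
      sort(data.cloudflare_origin_tls_compliance_modes.readback.value)
    )
    error_message = "Origin TLS compliance modes on the zone differ from the requested list."
  }
}

output "origin_tls_modes_modified_on" {
  value = cloudflare_origin_tls_compliance_modes.origin.modified_on
}
```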