Compliance standards
Consider the following recommendations on custom cipher suites for when your organization needs to comply with regulatory standards.
Refer to Customize cipher suites to learn how to specify cipher suites at zone level or per hostname.
Recommended cipher suites for compliance with the Payment Card Industry Data Security Standard (PCI DSS). Enhances payment card data security.
Cipher suites list
AEAD-AES128-GCM-SHA256, AEAD-AES256-GCM-SHA384, AEAD-CHACHA20-POLY1305-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305
If you are customizing cipher suites via API, refer to Steps and API examples for a snippet you can copy with the formatted array.
Recommended cipher suites for compliance with the Federal Information Processing Standard (140-2). Used to approve cryptographic modules.
Cipher suites list
AES128-GCM-SHA256, AES128-SHA, AES128-SHA256, AES256-SHA, AES256-SHA256, DES-CBC3-SHA, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES256-SHA384
If you are customizing cipher suites via API, refer to Steps and API examples for a snippet you can copy with the formatted array.
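An added example, not part of Cloudflare's documentation: a Python check that compares a configured cipher list against the two recommended lists on this page and works out which suites appear on both, for organizations that must meet both standards. The function names, profile keys and the sample configured list are assumptions made for illustration.

```python
import json

# Recommended lists copied from this page (order preserved).
PCI_DSS = (
    "AEAD-AES128-GCM-SHA256, AEAD-AES256-GCM-SHA384, "
    "AEAD-CHACHA20-POLY1305-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, "
    "ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, "
    "ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, "
    "ECDHE-RSA-CHACHA20-POLY1305"
)
FIPS_140_2 = (
    "AES128-GCM-SHA256, AES128-SHA, AES128-SHA256, AES256-SHA, AES256-SHA256, "
    "DES-CBC3-SHA, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, "
    "ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, "
    "ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, "
    "ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES128-SHA256, "
    "ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES256-SHA384"
)

def parse(listing):
    """Split a comma-separated listing into ordered, de-duplicated names."""
    names = [n.strip().upper() for n in listing.split(",")]
    return list(dict.fromkeys(n for n in names if n))

# Hypothetical profile keys used only by this example.
PROFILES = {"pci-dss": parse(PCI_DSS), "fips-140-2": parse(FIPS_140_2)}

def audit(configured, profile):
    """Compare a configured list against one recommended list from this page."""
    allowed = PROFILES[profile]
    have = parse(configured)
    return {
        "not_recommended": [c for c in have if c not in allowed],
        "unused_recommended": [c for c in allowed if c not in have],
        "only_recommended": bool(have) and all(c in allowed for c in have),
    }

def common_suites(*profiles):
    """Suites present in every named profile, in the first profile's order."""
    first, *rest = (PROFILES[p] for p in profiles)
    return [c for c in first if all(c in r for r in rest)]

if __name__ == "__main__":
    # Constructed sample: one suite is on the FIPS list but not the PCI DSS list.
    sample = "ECDHE-RSA-AES128-GCM-SHA256, ecdhe-rsa-aes128-sha, AEAD-AES128-GCM-SHA256"
    print(audit(sample, "pci-dss"))
    print(json.dumps(common_suites("pci-dss", "fips-140-2")))
```

The second line of output is a JSON array of the four ECDHE AES-GCM suites that appear on both lists.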