Customize cipher suites
This process will not lead to any downtime in your SSL/TLS protection.
Currently, you can only customize cipher suites when using the API:
Cipher suite selection
ECDSA is prioritized over RSA and Cloudflare preserves the specified cipher suites in the order they are set. This means that, if both ECDSA and RSA are used, Cloudflare presents the ECDSA ciphers first - in the order they were set - and then the RSA ciphers, also in the order they were set.
Cipher suite values
TLS 1.2 or lower
To specify certain cipher suites, include an array of applicable cipher suites used for TLS 1.2 or lower in the
value field. Cloudflare offers a list of , but you can also refer to the of supported ciphers.
In combination with this, you can still restrict specific ciphers for TLS 1.0-1.2.
Reset to default values
For zones and custom hostnames, to reset to the default cipher suites, send an empty array in the