Compliance standards
Consider the following recommendations on custom cipher suites for when your organization needs to comply with regulatory standards.
Refer to Customize cipher suites to learn how to specify cipher suites at zone level or per hostname.
Recommended cipher suites for compliance with the Payment Card Industry Data Security Standard (PCI DSS) ↗. Enhances payment card data security.
Cipher suites list
AEAD-AES128-GCM-SHA2561, AEAD-AES256-GCM-SHA3842, AEAD-CHACHA20-POLY1305-SHA2563, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305
If you are customizing cipher suites via API, refer to Steps and API examples for a snippet you can copy with the formatted array.
Recommended cipher suites for compliance with the Federal Information Processing Standard (140-2) ↗. Used to approve cryptographic modules.
Cipher suites list
AES128-GCM-SHA256, AES128-SHA, AES128-SHA256, AES256-SHA, AES256-SHA256, DES-CBC3-SHA, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES256-SHA384
If you are customizing cipher suites via API, refer to Steps and API examples for a snippet you can copy with the formatted array.
-
Same as
TLS_AES_128_GCM_SHA256. Refer to TLS 1.3 cipher suites for details. ↩ -
Same as
TLS_AES_256_GCM_SHA384. Refer to TLS 1.3 cipher suites for details. ↩ -
Same as
TLS_CHACHA20_POLY1305_SHA256. Refer to TLS 1.3 cipher suites for details. ↩
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark