Recommendations | Cloudflare SSL/TLS docs (2024)

Table of Contents

Modern Compatible Legacy (default)

Refer to the sections below for three different security levels and how Cloudflare recommends that you set them up if you need to restrict the cipher suites used between Cloudflare and clients that access your website or application.

Refer to Customize cipher suites to learn how to specify cipher suites at zone level or per hostname.

When opting for compatible or modern, make sure to up your Minimum TLS version to 1.2 and enable TLS 1.3 on your zone.

Modern

Offers the best security and performance, limiting your range of clients to modern devices and browsers. Supports TLS 1.2-1.3 cipher suites. All suites are forward-secret and support authenticated encryption (AEAD).

See Also

TLS 1.2 Vulnerability Information Technology - University of Florida Vulnerability - TLS Version 1.0 Protocol Detection detected on ALM Application Server on Port 2121 Supported cipher suites | Cloudflare SSL/TLS docs

Cipher suites:

AEAD-AES128-GCM-SHA256, AEAD-AES256-GCM-SHA384, AEAD-CHACHA20-POLY1305-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384

Formatted array to copy:

["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384"]

Compatible

See Also

PCI DSS Compliance - 5.2 Testing effectiveness of anti-virus solution

Provides broader compatibility with somewhat weaker security. Supports TLS 1.2-1.3 cipher suites. All suites are forward-secret.

Cipher suites:

AEAD-AES128-GCM-SHA256, AEAD-AES256-GCM-SHA384, AEAD-CHACHA20-POLY1305-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384

Formatted array to copy:

["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA384"]

Legacy (default)

Includes all cipher suites that Cloudflare supports today. Broadest compatibility with the weakest security. Supports TLS 1.0-1.3 cipher suites.

Cipher suites:

AEAD-AES128-GCM-SHA256, AEAD-AES256-GCM-SHA384, AEAD-CHACHA20-POLY1305-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA256, AES128-SHA, ECDHE-RSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA256, AES256-SHA, DES-CBC3-SHA

To reset your option to the default, use an empty array.

Recommendations | Cloudflare SSL/TLS docs (2024)

Top Articles

Have Black Mold in Your Home? Getting Rid of It Is Easier Than You Think

Do you need a large personal loan? These lenders could give you as much as $50,000

Katie Nickolaou Leaving

Bank Of America Financial Center Irvington Photos

Loves Employee Pay Stub

Craftsman M230 Lawn Mower Oil Change

Cad Calls Meriden Ct

30% OFF Jellycat Promo Code - September 2024 (*NEW*)

Wal-Mart 140 Supercenter Products

10000 Divided By 5

Prices Way Too High Crossword Clue

Cincinnati Bearcats roll to 66-13 win over Eastern Kentucky in season-opener

Evangeline Downs Racetrack Entries

Nj Scratch Off Remaining Prizes

A Guide to Common New England Home Styles

Huge Boobs Images

Dutch Bros San Angelo Tx

Destiny 2 Salvage Activity (How to Complete, Rewards & Mission)

Khiara Keating: Manchester City and England goalkeeper convinced WSL silverware is on the horizon

Ubg98.Github.io Unblocked

Kaitlyn Katsaros Forum

Ppm Claims Amynta

Encore Atlanta Cheer Competition

Great Clips Grandview Station Marion Reviews

Loslaten met de Sedona methode

Stihl Dealer Albuquerque

Bolsa Feels Bad For Sancho's Loss.

Water Temperature Robert Moses

The Monitor Recent Obituaries: All Of The Monitor's Recent Obituaries

How often should you visit your Barber?

Star News Mugshots

47 Orchid Varieties: Different Types of Orchids (With Pictures)

Indiefoxx Deepfake

Trap Candy Strain Leafly

Who Is Responsible for Writing Obituaries After Death? | Pottstown Funeral Home & Crematory

Inducement Small Bribe

Owa Hilton Email

How Big Is 776 000 Acres On A Map

Advance Auto.parts Near Me

Squalicum Family Medicine

Gary Vandenheuvel Net Worth

City Of Irving Tx Jail In-Custody List

Used Auto Parts in Houston 77013 | LKQ Pick Your Part

Black Adam Showtimes Near Kerasotes Showplace 14

Diamond Desires Nyc

Prologistix Ein Number

How to Get a Check Stub From Money Network

Craigslist Yard Sales In Murrells Inlet

Phumikhmer 2022

The Love Life Of Kelsey Asbille: A Comprehensive Guide To Her Relationships

Latest Posts

How to Add a Signature to a PDF without Adobe - The Ultimate Guide | WPS Office Blog

3 Categories of Fire Evacuation | Studyplex

Article information

Author: Catherine Tremblay

Last Updated: 2024-09-20T08:09:56+07:00

Views: 6387

Rating: 4.7 / 5 (47 voted)

Reviews: 86% of readers found this page helpful

Author information

Name: Catherine Tremblay

Birthday: 1999-09-23

Address: Suite 461 73643 Sherril Loaf, Dickinsonland, AZ 47941-2379

Phone: +2678139151039

Job: International Administration Supervisor

Hobby: Dowsing, Snowboarding, Rowing, Beekeeping, Calligraphy, Shooting, Air sports

Introduction: My name is Catherine Tremblay, I am a precious, perfect, tasty, enthusiastic, inexpensive, vast, kind person who loves writing and wants to share my knowledge and understanding with you.