Cipher Configs Subdomain
Wondering if its possible to change the cipher configs for a subdomain ww1.example.com without affecting example.com, wondering if this is even possible.
5 Replies
Yes: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-put, need ACM though (Adv. Cert Manager)
You asked a question about this but I didn't quite understand what you are asking. That endpoint just needs your zone id (right side of the overview of your website) and the hostname (ww1.example.com)
Cloudflare API Documentation
Interact with Cloudflare's products and services via the Cloudflare API
thanks Chaika we do have an ACM not very familiar with how it works tho so i will ook into it
I have to have the ACM ? i cant just apply the new ciphers on this endpoint for www1 hostname?/{zone_id}/hostnames/settings/{setting_id}/{hostname}
You need ACM on the zone/website, yea
otherwise trying to use that endpoint just spits out
{ "success": false, "errors": [ { "code": 1450, "message": "Access to configure this resource has not been granted for this zone. This feature is available with the Advanced Certificate Manager." } ], "messages": [] }
i see thanks Chaika, still trying to learn everything cloudflare has to offer
Hey Chaika, i was given permissions to apply the configs at the zone level since we do not have ACM and but this also gives us the same message: Advance Certificate Manager is Required to Set custom ciphers. We are just trying to upgrade to cloudflare's modern security level cipher suites
["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384"]
is zone changes of this sort still possible?
without ACM
Hi everyone @here! My name is Yomna and I am a product intern on the SSL team. Exciting news--we are working on adding cipher suites to the Cloudflare dashboard!
If you are someone who has experience configuring cipher suites with our API, or are someone who hopes to configure suites, we'd love to hear from you! Here is a Calendly link to set up a time to chat:
https://calendly.com/yomna-4wzb/cipher-suite-selection-in-the-ui?month=2024-05
No time to chat? We've also created this survey to gather information:
https://docs.google.com/forms/d/15mGcm2aDLhTMeJpHPfAO8JrmOcuJaq-EHjkpLrQg5mM/edit
Thank you so much for your time and consideration! We're looking forward to effectively meeting you cipher suites needs π
Google Docs
Cipher Suite Selection in Cloudflare UI
We're excited to share that we're working on integrating cipher suite selection into the Cloudflare dashboard! Your insights are crucial in ensuring we tailor this feature to meet your needs effectively. Please take a moment to share your use cases and any pain points you've encountered.
If you'd like to set up a time to chat, please DM @yomshou...