disable weak CBC cipher at origin server
I have disabled weak cipher at the origin server
When I test internally using the below command (resolve to internal IP address)
openssl s_client -cipher 'AES256-SHA' -connect xxx.xxx.xxx:443 -tls1_2
It showed fail to connect
However, when test externally, it still connects successfully and it also showed the connection is using the certificate of origin server
May I know if it is because the ssl handshake will follow cloudflare ciphersuites instead, even the certificate in use is the one of the origin server ? Thanks
We are using cloudflare and the website is prooxied
When I test internally using the below command (resolve to internal IP address)
openssl s_client -cipher 'AES256-SHA' -connect xxx.xxx.xxx:443 -tls1_2
It showed fail to connect
However, when test externally, it still connects successfully and it also showed the connection is using the certificate of origin server
May I know if it is because the ssl handshake will follow cloudflare ciphersuites instead, even the certificate in use is the one of the origin server ? Thanks
We are using cloudflare and the website is prooxied
