Cloudflare cipher order does not follow recommendations

I just checked a domain which is running via Cloudflare CDN for security best practices.
Unfortunately, the cipher order is wrong because older ciphers come before better ciphers.
So, I thought maybe it's because we have not done it in the right way.
Cloudflare itself is probably doing it right for their own domain.

But it's not the case, Cloudflare has the wrong cipher order also for their own domain:
https://internet.nl/site/www.cloudflare.com/3455112/#sitetls

How can this be changed?

Website test: www.cloudflare.com

Test for modern Internet Standards IPv6, DNSSEC, HTTPS, HSTS, DMARC, DKIM, SPF, STARTTLS, DANE, RPKI and security.txt

Original message was deleted

Idle•10/2/25, 8:20 AM

because the report says it does :p

Original message was deleted

Idle•10/2/25, 8:21 AM

nono it must be the company running 25% of the world's internet that's following insecure practices

Original message was deleted

Markus BertholdOP•10/2/25, 10:54 AM

There are security people thinking different:
https://english.ncsc.nl/publications/publications/2025/06/26/security-guidelines-for-transport-layer-security-2025-05

Security guidelines for Transport Layer Security 2025-05

This publication offers recommendations on how to set up a TLS configuration that protects your application in an appropriate manner.

Markus BertholdOP•10/2/25, 10:55 AM

It should not be a big problem for the developers of cloudflare to do the order differently?

Cloudflare cipher order does not follow recommendations

Similar Threads

Similar Threads

Similar Threads