Cloudflare cipher order does not follow recommendations
I just checked a domain which is running via Cloudflare CDN for security best practices.
Unfortunately, the cipher order is wrong because older ciphers come before better ciphers.
So, I thought maybe it's because we have not done it in the right way.
Cloudflare itself is probably doing it right for their own domain.
But that's not the case; Cloudflare also has the wrong cipher order for their own domain:
https://internet.nl/site/www.cloudflare.com/3455112/#sitetls
How can this be changed?
Website test: www.cloudflare.com
Test for modern Internet Standards IPv6, DNSSEC, HTTPS, HSTS, DMARC, DKIM, SPF, STARTTLS, DANE, RPKI and security.txt
3 Replies
because the report says it does :p
nono it must be the company running 25% of the world's internet that's following insecure practices
There are security people thinking differently:
https://english.ncsc.nl/publications/publications/2025/06/26/security-guidelines-for-transport-layer-security-2025-05
Security guidelines for Transport Layer Security 2025-05
This publication offers recommendations on how to set up a TLS configuration that protects your application in an appropriate manner.
It should not be a big problem for the developers of Cloudflare to do the order differently?