Cipher Configs Subdomain
Wondering if it's possible to change the cipher configs for a subdomain ww1.example.com without affecting example.com, wondering if this is even possible.
10 Replies
Yes: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-put, need ACM though (Adv. Cert Manager)
You asked a question about this but I didn't quite understand what you are asking. That endpoint just needs your zone id (right side of the overview of your website) and the hostname (ww1.example.com)
Thanks Chaika, we do have an ACM, not very familiar with how it works tho so I will look into it
I have to have the ACM? I can't just apply the new ciphers on this endpoint for www1 hostname? /{zone_id}/hostnames/settings/{setting_id}/{hostname}
You need ACM on the zone/website, yea
otherwise trying to use that endpoint just spits out
{ "success": false, "errors": [ { "code": 1450, "message": "Access to configure this resource has not been granted for this zone. This feature is available with the Advanced Certificate Manager." } ], "messages": [] }
I see, thanks Chaika, still trying to learn everything Cloudflare has to offer
Hey Chaika, I was given permissions to apply the configs at the zone level since we do not have ACM, but this also gives us the same message: Advance Certificate Manager is Required to Set custom ciphers. We are just trying to upgrade to Cloudflare's modern security level cipher suites
["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384"]
Are zone changes of this sort still possible?
without ACM
Hi everyone @here! My name is Yomna and I am a product intern on the SSL team. Exciting news--we are working on adding cipher suites to the Cloudflare dashboard!
If you are someone who has experience configuring cipher suites with our API, or are someone who hopes to configure suites, we'd love to hear from you! Here is a Calendly link to set up a time to chat:
https://calendly.com/yomna-4wzb/cipher-suite-selection-in-the-ui?month=2024-05
No time to chat? We've also created this survey to gather information:
https://docs.google.com/forms/d/15mGcm2aDLhTMeJpHPfAO8JrmOcuJaq-EHjkpLrQg5mM/edit
Thank you so much for your time and consideration! We're looking forward to effectively meeting your cipher suite needs 😄
Awesome news! Will these changes still require the purchase of Advanced Cert Manager (ACM)?
Filled out the Google form. Looking forward to this!
Is there a roadmap or timeline for these changes?
@Chaika do you have any updates on my questions above?
Sorry for bumping an old thread, lmk if I should open a new one
what's the question, if you can customize ciphers without ACM? You need ACM to change them at all
Thank you, I was hoping that would have opened up but oh well. So the changes made are purely to give you the option to configure the ciphers through the UI.
Is there an ETA for the UI changes?
I'm not 100% sure on the changes Yomna is talking about but they sound just UI yea, and they were just asking, probably going to be a fair bit
CF doesn't give ETAs for anything generally, and the ones they do, they usually miss
No worries, thanks again for confirming.