Custom Cipher Support for Pages
Is there support for custom cipher for domains used by Pages? We have TLS min 1.3 set in the Advanced Certificate Manager but it's not applied to the domain tied to the Pages deployment. We also tried updating the ciphers for the hostname via the API but it's not updating?
5 Replies
Pages uses CF for SaaS Custom Hostnames which has its own min tls and cipher settings which override the ones you set in your zone, I'm not aware of any way to set them from Pages's side
yea, looks like no offical way: https://community.cloudflare.com/t/is-it-possible-to-change-minimum-tls-version-for-cloudflare-pages/619091/3?u=chaika
If you proxied your pages.dev with a worker (or a snippet when they come out), it wouldn't override them, but not a great solution
Damn I was hoping things had changed since then.
Any ideas if this is something that might be supported? For context we want to migrate off the weak ciphers for TLS 1.2
all our other services (in AWS) are on TLS 1.3 min so Ciphers aren't really an issue right now
I don't see any reason why they couldn't expose those properties of the Custom Hostname, they're currently just hardcoded/set as default. When Pages first launched it was even TLS 1.0/1.1 but then they raised the min. It's just really low priority I imagine
Gotcha, we'll have to work around this somehow then. Thanks a bunch for the quick resposne
Feel free to escalate these kinda cases
Demand is how we get features made 🙂
Was literally just discussing this about R2 earlier today