disable weak CBC cipher at origin server

I have disabled weak cipher at the origin server When I test internally using the below command (resolve to internal IP address) openssl s_client -cipher 'AES256-SHA' -connect xxx.xxx.xxx:443 -tls1_2 It showed fail to connect However, when test externally, it still connects successfully and it also showed the connection is using the certificate of origin server May I know if it is because the ssl handshake will follow cloudflare ciphersuites instead, even the certificate in use is the one of the origin server ? Thanks We are using cloudflare and the website is prooxied
3 Replies
Cyb3r-Jak3
Cyb3r-Jak3•6mo ago
Yes. The cipher suites that uses see are from their connection to Cloudflare. If you need to customize cipher suites then you need to purchase Advanced Certificate Manager.
Cyb3r-Jak3
Cyb3r-Jak3•6mo ago
Cloudflare Docs
Customize cipher suites · Cloudflare SSL/TLS docs
With Advanced Certificate Manager or within Cloudflare for SaaS, you can restrict connections between Cloudflare and clients - such as your visitor’s …
On
OnOP•6mo ago
Thanks for your information! 😊
Want results from more Discord servers?
Add your server