Disable weak ciphers
Hello,
I'm trying to disable weak cipher suites using the following: (token and zone ID redacted for security)
curl --request PATCH "https://api.cloudflare.com/client/v4/zones/ZONE_ID_REDACTED/settings/ciphers" --header "Authorization: Bearer TOKEN_REDACTED" --header "Content-Type: application/json" --data '{"value": ["ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-ECDSA-CHACHA20-POLY1305","ECDHE-RSA-AES128-GCM-SHA256","ECDHE-RSA-CHACHA20-POLY1305","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384", "AEAD-AES128-GCM-SHA256", "AEAD-AES256-GCM-SHA384", "AEAD-CHACHA20-POLY1305-SHA256"]}'
I get the following response:
{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6111,"message":"Invalid format for Authorization header"}]}],"messages":[],"result":null}
I believe I am following the guide correctly: https://developers.cloudflare.com/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/#steps-and-api-examples
I have submitted several support tickets but they've been lost, and now I am unable to raise a new one (I am aware of the issues with the support system)
Thanks in advance
Cloudflare Docs
Customize cipher suites | Cloudflare SSL/TLS docs
With Advanced Certificate Manager or within Cloudflare for SaaS, you can restrict connections between Cloudflare and clients — such as your visitor’s browser — to specific cipher suites.
4 Replies
{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6111,"message":"Invalid format for Authorization header"}]}],"messages":[],"result":null}That sounds like you're trying to use a global API key in the format for a scoped API token, can you try creating a scoped API token with the right permission?
I have submitted several support tickets but they've been lost, and now I am unable to raise a new one (I am aware of the issues with the support system)If you write a post on https://community.cloudflare.com this access issue can be escalated and resolved. Make sure to include the error message.
Thanks @Erisa , I'm a step forward now:
{"success":false,"errors":[{"code":1007,"message":"Invalid value for zone setting ciphers"}],"messages":[],"result":null}
Sidenote, Is there a way to get more verbose errors out of the API that you are aware of?
Hmm that seems a bit wrong from the data you provided 🤔 don't have the capacity to test this myself right now, but I assume thats one of the examples from the docs?
Sidenote, Is there a way to get more verbose errors out of the API that you are aware of?There unfortunately is not, those errors are as good as it gets.
Yeah it is an example from the docs