SSL/TLC Ciphers
Hey guys, I am using a bit of software that does not fully support the ECDH ciphers.
I want to make a subdomain only use the RSA certs so I have paid for the ACM (advanced certificate manager)
But when attempting to update the zones ciphers to
TLS_RSA_WITH_AES_128_CBC_SHA256 & TLS_RSA_WITH_AES_256_CBC_SHA256 it appears like its still attempting to use ECDH instead of RSA.
Is there anyway I can add the "X25519 ECDH curve" instead to my TLS/SSL settings?
Or have a rule that bypasses ECDH for a specific subdomain?
Without this the software I am using is unable to handle the SSL connection and it fails.
Currently when fetching the current ciphers for my zone its set as :
1 Reply
Reading the documentation it looks like its possible but after setting the above values it appears to have no effect.
https://developers.cloudflare.com/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/