Cloudflare Developers
•Created by SW on 3/8/2025 in #pages-help
TLS 1.2 locked - What?
We use Cloudflare Pages for simple test sites, our docs, placeholders on other domains we own... Pages works fine if you know from the start that you want to use Pages, which we did.
Now we are getting compliance checks failing because you use old unsafe ciphers of TLS 1.2. Any Cloudflare Pages hosted site cannot be PCI DSS compliant, and anyone who accepts payments online needs to be PCI DSS compliant.
To recap: anyone who uses Cloudflare Pages and accepts payments online is directly violating PCI DSS compliance and can be fined. Cloudflare Pages === guaranteed failed audit.
Cloudflare proxy allows you to bump up to TLS 1.1, 1.2, 1.3. But Cloudflare Pages explicitly does not.
"It is not possible to configure minimum TLS version nor cipher suites for Cloudflare Pages hostnames."
https://developers.cloudflare.com/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/#before-you-begin
I hate to do this but now I need to figure out some other way to host simple docs sites etc. Forcing me to consider using Vercel.
Or we duct-tape an S3 bucket to the Cloudflare proxy and bump up the TLS.
This is pretty silly... Why does CF even still default to old unsafe ciphers?
14 replies