[SSL] Link to custom cipher suites and update USSL limitations (#19199)

* Link to customize-cipher-suites from Features in Overview

* Add more known limitations to USSL dedicated docs

Author: RebeccaTamachiro

src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx

@@ -11,7 +11,7 @@ head:
 
 import { Render, TabItem, Tabs } from "~/components"
 
-With [Advanced Certificate Manager](/ssl/edge-certificates/advanced-certificate-manager/) or within [Cloudflare for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/), you can restrict connections between Cloudflare and clients -- such as your visitor's browser -- to specific [cipher suites](/ssl/edge-certificates/additional-options/cipher-suites/).
+With [Advanced Certificate Manager](/ssl/edge-certificates/advanced-certificate-manager/) or within [Cloudflare for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/), you can restrict connections between Cloudflare and clients — such as your visitor's browser — to specific [cipher suites](/ssl/edge-certificates/additional-options/cipher-suites/).
 
 You may want to do this to follow specific [recommendations](/ssl/edge-certificates/additional-options/cipher-suites/recommendations/), to [disable weak cipher suites](/ssl/edge-certificates/additional-options/cipher-suites/troubleshooting/#ssl-labs-weak-ciphers-report), or to comply with [industry standards](/ssl/edge-certificates/additional-options/cipher-suites/compliance-status/).
 

src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/index.mdx

@@ -14,7 +14,7 @@ import { DirectoryListing, Render } from "~/components"
 
 <Render file="cipher-suites-definition" /><br />
 
-This section covers cipher suites used in connections between clients -- such as your visitor's browser -- and the Cloudflare network. For information about cipher suites used between Cloudflare and your origin server, refer to [Origin server > Cipher suites](/ssl/origin-configuration/cipher-suites/).
+This section covers cipher suites used in connections between clients — such as your visitor's browser — and the Cloudflare network. For information about cipher suites used between Cloudflare and your origin server, refer to [Origin server > Cipher suites](/ssl/origin-configuration/cipher-suites/).
 
 :::note
 

src/content/docs/ssl/edge-certificates/universal-ssl/limitations.mdx

@@ -11,7 +11,7 @@ head:
 
 import { GlossaryTooltip } from "~/components"
 
-Universal SSL certificates are limited by the hostnames they cover and the browsers they support.
+Universal SSL certificates present some limitations.
 
 ## Hostname coverage
 
@@ -26,9 +26,28 @@ Universal SSL certificates only support SSL for the root or first-level subdomai
 
 On a CNAME setup zone, each subdomain has its own Universal SSL certificate and does not require additional features or purchases.
 
-## Browser support
+## Certificate authority
+
+For Universal SSL certificates, Cloudflare chooses the <GlossaryTooltip term="Certificate Authority (CA)">certificate authority (CA)</GlossaryTooltip> used for your certificate.
+
+Cloudflare can change the [certificate authority](/ssl/reference/certificate-authorities/) without prior notification, and will not send any notification as the change happens.
+
+If you want to choose the issuing certificate authority, [order an advanced certificate](/ssl/edge-certificates/advanced-certificate-manager/).
+
+
+## Validity period
+
+For Universal certificates, Cloudflare controls the validity period. Refer to [validity periods and renewal](/ssl/reference/certificate-validity-periods/#universal-ssl) for details.
 
-For more on browser support, see [Browser compatibility](/ssl/reference/browser-compatibility/).
+## TLS settings
+
+[Customizing cipher suites](/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/) is only available with [Advanced Certificate Manager](/ssl/edge-certificates/advanced-certificate-manager/) or within [Cloudflare for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/).
+
+You can set up [minimum TLS version](/ssl/edge-certificates/additional-options/minimum-tls/) at the zone level, but, for per-hostname settings, you must have [Advanced Certificate Manager](/ssl/edge-certificates/advanced-certificate-manager/).
+
+## Delegated DCV
+
+Delegated DCV allows zones with [partial DNS setups](/dns/zone-setups/partial-setup/) to delegate the DCV process to Cloudflare. DCV delegation will not work with Universal SSL certificates and requires the use of an [advanced certificate](/ssl/edge-certificates/advanced-certificate-manager/).
 
 ## Spectrum
 
@@ -38,10 +57,6 @@ Universal SSL is not compatible with [Cloudflare Spectrum](/spectrum/). If you a
 
 Due to internal limitations, Universal SSL certificates do not cover [load balancing hostnames](/load-balancing/load-balancers/dns-records/) by default. This behavior will be corrected in the future.
 
-## Certificate authority
-
-For Universal SSL certificates, Cloudflare chooses the <GlossaryTooltip term="Certificate Authority (CA)">certificate authority (CA)</GlossaryTooltip> used for your certificate.
-
-Cloudflare can change the [certificate authority](/ssl/reference/certificate-authorities/) without prior notification, and will not send any notification as the change happens.
+## Browser support
 
-If you want to choose the issuing certificate authority, [order an advanced certificate](/ssl/edge-certificates/advanced-certificate-manager/).
+For more on browser support, see [Browser compatibility](/ssl/reference/browser-compatibility/).

src/content/docs/ssl/index.mdx

@@ -34,7 +34,7 @@ Even if you use a different provider for authoritative DNS, you can delegate dom
 </Feature>
 
 <Feature header="Custom TLS settings" href="/ssl/edge-certificates/additional-options/minimum-tls/">
-Cloudflare also allows you to specify the minimum TLS version that visitors must use to connect to your website or application, and restrict cipher suites according to your security requirements.
+Cloudflare also allows you to specify the minimum TLS version that visitors must use to connect to your website or application, and [restrict cipher suites](/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/) according to your security requirements.
 </Feature>
 
 <br />