src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls.mdx
Lines changed: 18 additions & 3 deletions
@@ -38,24 +38,39 @@ While TLS 1.3 is the most recent and secure version, it is not supported by some
38
38
39
39
### Scope
40
40
41
-
- For custom hostnames created via API, it is possible not to explicitly define a value for `min_tls_version`. When that is the case, whatever value is defined as your zone's [minimum TLS version](/ssl/edge-certificates/additional-options/minimum-tls/) (under **Edge certificates** > **Minimum TLS Version**) will be applied. To confirm whether a given custom hostname has a specific minimum TLS version set, use the following API call.
41
+
Minimum TLS version exists both as a [zone-level setting](/ssl/edge-certificates/additional-options/minimum-tls/) (under **Edge certificates** > **Minimum TLS Version**) and as a custom hostname setting. What this implies is:
- For custom hostnames created via API, it is possible not to explicitly define a value for `min_tls_version`. When that is the case, whatever value is defined as your zone's minimum TLS version will be applied. To confirm whether a given custom hostname has a specific minimum TLS version set, use the following API call.
In the API documentation, refer to [Custom Hostname Details](/api/resources/custom_hostnames/methods/get/).
46
48
49
+
TO-DO: Add APIRequest example
47
50
48
51
</Details>
49
52
50
-
- If you specify any other settings for that custom hostname via Dashboard, whichever value is set for Minimum TLS version will then override your zo
53
+
- Whenever you make changes to a custom hostname via Dashboard, the value that is set for Minimum TLS version will apply. Meaning it will override a zone-level configuration applied as in the scenario above.
54
+
55
+
- For custom hostnames with wildcards enabled, the direct custom hostname you create (`saas-customer.test`) will use the hostname-specific setting, while the others (`sub1.saas-customer.test`, `sub2.saas-customer.test`, etc) will default to the zone-level setting.
51
56
52
57
### Setup
53
58
59
+
<Detailsheader="Minimum TLS version for your zone">
60
+
61
+
Refer to [Minimum TLS version - SSL/TLS](/ssl/edge-certificates/additional-options/minimum-tls/#zone-level).
62
+
63
+
</Details>
64
+
65
+
<Detailsheader="Minimum TLS version for custom hostname">
66
+
54
67
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and website.
55
68
2. Go to **SSL/TLS** > **Custom Hostnames**.
56
69
3. Find the hostname to which you want to apply Minimum TLS Version. Select **Edit**.
57
70
4. Choose the desired TLS version under **Minimum TLS Version** and select **Save**.
58
71
72
+
</Details>
73
+
59
74
## Cipher suites
60
75
61
76
For security and regulatory reasons, you may want to only allow connections from certain cipher suites. Cloudflare provides recommended values and full cipher suite reference in our [Cipher suites documentation](/ssl/edge-certificates/additional-options/cipher-suites/#resources).
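Review bot: The added line `TO-DO: Add APIRequest example` sits in the page body just before `</Details>`, so it would be published as visible text, while the first Scope bullet still ends with "use the following API call" and no call follows it. Either add the request example for Custom Hostname Details before merging, or hold the placeholder in an MDX comment (`{/* ... */}`) and reword that bullet until the example exists. In the new Dashboard bullet, "Meaning it will override a zone-level configuration applied as in the scenario above." is a sentence fragment; join it to the preceding sentence. As displayed here, both new Setup blocks open with `<Detailsheader="...">`, with no space before `header`; confirm the source reads `<Details header="...">`, otherwise the blocks will not render as intended.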