From 8cfcf311f60527151570179711d0619dc2b20058 Mon Sep 17 00:00:00 2001 From: Nic <123965403+ngayerie@users.noreply.github.com> Date: Thu, 2 Jan 2025 09:11:07 +0100 Subject: [PATCH 1/3] Update customize-cipher-suites.mdx --- .../cipher-suites/customize-cipher-suites.mdx | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx b/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx index 3b990e104262f8..5d785242db62d9 100644 --- a/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx +++ b/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx @@ -70,6 +70,11 @@ Note that: 4. Make an API call to either the [Edit zone setting](/api/resources/zones/subresources/settings/methods/edit/) endpoint or the [Edit TLS setting for hostname](/api/resources/hostnames/subresources/settings/subresources/tls/methods/update/) endpoint, specifying `ciphers` in the URL. List your array of chosen cipher suites in the `value` field. +:::note + +Updating the cipher suites will result in certificates being renewed and redeployed. +::: + :::caution For guidance around custom hostnames, refer to [TLS settings - Cloudflare for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls/#cipher-suites). From 24ca965b7867c46abb3a4d57adaf82f8486a5384 Mon Sep 17 00:00:00 2001 From: Nic <123965403+ngayerie@users.noreply.github.com> Date: Thu, 2 Jan 2025 12:59:12 +0100 Subject: [PATCH 2/3] Update customize-cipher-suites.mdx --- .../cipher-suites/customize-cipher-suites.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx b/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx index 5d785242db62d9..a2a3648d97bf5c 100644 --- a/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx +++ b/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx @@ -72,7 +72,7 @@ Note that: :::note -Updating the cipher suites will result in certificates being renewed and redeployed. +Updating the cipher suites will result in certificates being redeployed. ::: :::caution From c965b790d12503532f8b0b7574fdd53c72dafb20 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 3 Jan 2025 17:42:30 +0000 Subject: [PATCH 3/3] Adjust stacked up callouts and remove redundant Note that --- .../cipher-suites/customize-cipher-suites.mdx | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx b/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx index a2a3648d97bf5c..02e8a2b2e74acf 100644 --- a/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx +++ b/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites.mdx 
@@ -18,11 +18,7 @@ You may want to do this to follow specific [recommendations](/ssl/edge-certifica Customizing cipher suites will not lead to any downtime in your SSL/TLS protection. :::note - - -Note that this process only refers to connections [between clients and the Cloudflare network](/ssl/concepts/#edge-certificate). For connections between Cloudflare and your origin server, refer to [Origin server > Cipher suites](/ssl/origin-configuration/cipher-suites/). - - +This documentation only refers to connections [between clients and the Cloudflare network](/ssl/concepts/#edge-certificate). For connections between Cloudflare and your origin server, refer to [Origin server > Cipher suites](/ssl/origin-configuration/cipher-suites/). ::: ## How it works @@ -49,6 +45,11 @@ ECDSA cipher suites are prioritized over RSA, and Cloudflare preserves the speci ## Set up + +:::note +For guidance around custom hostnames, refer to [TLS settings - Cloudflare for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls/#cipher-suites). +::: + ### Before you begin Note that: @@ -71,15 +72,9 @@ Note that: 4. Make an API call to either the [Edit zone setting](/api/resources/zones/subresources/settings/methods/edit/) endpoint or the [Edit TLS setting for hostname](/api/resources/hostnames/subresources/settings/subresources/tls/methods/update/) endpoint, specifying `ciphers` in the URL. List your array of chosen cipher suites in the `value` field. :::note - Updating the cipher suites will result in certificates being redeployed. ::: -:::caution - -For guidance around custom hostnames, refer to [TLS settings - Cloudflare for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls/#cipher-suites). -::: - 
@@ -133,7 +128,7 @@ curl --request PATCH \ :::caution -For compliance with PCI DSS, also [enable TLS 1.3](/ssl/edge-certificates/additional-options/tls-13/#enable-tls-13) on your zone and make sure to up your [Minimum TLS version](/ssl/edge-certificates/additional-options/minimum-tls/) to `1.2`. +For compliance with PCI DSS, also [enable TLS 1.3](/ssl/edge-certificates/additional-options/tls-13/#enable-tls-13) on your zone and make sure to up your [Minimum TLS version](/ssl/edge-certificates/additional-options/minimum-tls/) to `1.2`. :::
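Review bot: In [PATCH 1/3], hunk @@ -70,6 +70,11, the added note states that certificates are "renewed and redeployed", and [PATCH 2/3] then drops "renewed" under the same generic subject "Update customize-cipher-suites.mdx" with no explanation. Squash 1/3 and 2/3 into one commit so the history never carries the withdrawn claim, and give it a subject that says what is being documented (for example, that a cipher suite update triggers certificate redeployment). The new `:::note` also opens with a blank line and lands directly above the existing `:::caution`, which [PATCH 3/3] has to untangle afterwards; placing it cleanly here would avoid that follow-up.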
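Review bot: In [PATCH 2/3], hunk @@ -72,7 +72,7, the reworded line "Updating the cipher suites will result in certificates being redeployed." does not tell the reader whether redeployment changes anything for them, while the introduction of the same page says "Customizing cipher suites will not lead to any downtime in your SSL/TLS protection." Please state in the note how the two relate (for instance, that redeployment happens without interrupting TLS, if that is the case), and prefer an active phrasing that names which certificates are redeployed.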
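Review bot: In [PATCH 3/3], hunks @@ -49,6 +45,11 and @@ -71,15 +72,9, the custom hostnames callout is not only moved under "## Set up" but also changed from `:::caution` to `:::note`, which the subject "Adjust stacked up callouts and remove redundant Note that" does not mention. Please confirm the lower severity is intended and say so in the commit message. The same hunk's context still shows "Note that:" directly under "### Before you begin", so if the goal is to remove redundant "Note that" wording, that heading lead-in is a candidate as well.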
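Review bot: In [PATCH 3/3], hunk @@ -133,7 +128,7, the removed and added PCI DSS lines read identically, so this looks like a whitespace-only change that is unrelated to the callout cleanup named in the subject. Either mention the whitespace fix in the commit message or, since the line is being touched anyway, use the opportunity to replace the informal "make sure to up your" with something like "set your [Minimum TLS version] to `1.2`".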