Skip to content

[SSL] Custom cipher suites clarifications #22268

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 8, 2025
Merged

[SSL] Custom cipher suites clarifications #22268

merged 4 commits into from
May 8, 2025

Conversation

@RebeccaTamachiro
Copy link
Contributor

@RebeccaTamachiro RebeccaTamachiro commented May 7, 2025

Summary

PCX-17282
Supersedes #22103

@RebeccaTamachiro RebeccaTamachiro requested a review from a team as a code owner May 7, 2025 14:24
@github-actions github-actions bot added product:ssl Related to SSL size/s labels May 7, 2025
@hyperlint-ai
Copy link
Contributor

hyperlint-ai bot commented May 7, 2025

Howdy and thanks for contributing to our repo. The Cloudflare team reviews new, external PRs within two (2) weeks. If it's been two weeks or longer without any movement, please tag the PR Assignees in a comment.

We review internal PRs within 1 week. If it's something urgent or has been sitting without a comment, start a thread in the Developer Docs space internally.

PR Change Summary

Clarified the documentation regarding custom cipher suites and their configurations.

  • Updated the selection modes for configuring cipher suites in the dashboard.
  • Added notes regarding the interaction of cipher suites with TLS settings.
  • Clarified the implications of using Modern cipher suites with TLS 1.3.

Modified Files

  • src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/dashboard.mdx
  • src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/index.mdx
  • src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/recommendations.mdx
How can I customize these reviews?

Check out the Hyperlint AI Reviewer docs for more information on how to customize the review.

If you just want to ignore it on this PR, you can add the hyperlint-ignore label to the PR. Future changes won't trigger a Hyperlint review.

Note specifically for link checks, we only check the first 30 links in a file and we cache the results for several hours (for instance, if you just added a page, you might experience this). Our recommendation is to add hyperlint-ignore to the PR to ignore the link check for this PR.

@github-actions
Copy link
Contributor

github-actions bot commented May 7, 2025
edited
Loading

Preview URL: https://be053d32.preview.developers.cloudflare.com
Preview Branch URL: https://rebecca-ssl-custom-ciphers-clarifications.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/ https://rebecca-ssl-custom-ciphers-clarifications.preview.developers.cloudflare.com/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/
https://developers.cloudflare.com/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/dashboard/ https://rebecca-ssl-custom-ciphers-clarifications.preview.developers.cloudflare.com/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/dashboard/
https://developers.cloudflare.com/ssl/edge-certificates/additional-options/cipher-suites/recommendations/ https://rebecca-ssl-custom-ciphers-clarifications.preview.developers.cloudflare.com/ssl/edge-certificates/additional-options/cipher-suites/recommendations/

deadlypants1973
deadlypants1973 approved these changes May 8, 2025
View reviewed changes
...ocs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/index.mdx
:::note
This documentation only refers to connections [between clients and the Cloudflare network](/ssl/concepts/#edge-certificate). For connections between Cloudflare and your origin server, refer to [Origin server > Cipher suites](/ssl/origin-configuration/cipher-suites/).
:::note[Cloudflare for SaaS]
If you are a SaaS provider looking to restrict cipher suites for connections to [custom hostnames](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/), this can be configured with a [Cloudflare for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/) subscription. Refer to [TLS management](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls/#cipher-suites) instead.
Copy link
Contributor

@deadlypants1973 deadlypants1973 May 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
If you are a SaaS provider looking to restrict cipher suites for connections to [custom hostnames](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/), this can be configured with a [Cloudflare for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/) subscription. Refer to [TLS management](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls/#cipher-suites) instead.
If you are a SaaS provider looking to restrict cipher suites for connections to [custom hostnames](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/), this restriction can be configured with a [Cloudflare for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/) subscription. Refer to [TLS management](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/enforce-mtls/#cipher-suites) instead.

@RebeccaTamachiro RebeccaTamachiro enabled auto-merge (squash) May 8, 2025 08:53
@RebeccaTamachiro RebeccaTamachiro mentioned this pull request May 8, 2025
Closed
@RebeccaTamachiro RebeccaTamachiro merged commit 28dbb0f into production May 8, 2025
12 checks passed
@RebeccaTamachiro RebeccaTamachiro deleted the rebecca/ssl-custom-ciphers-clarifications branch May 8, 2025 09:05
Maddy-Cloudflare pushed a commit that referenced this pull request May 9, 2025
@RebeccaTamachiro @deadlypants1973 @Maddy-Cloudflare
[SSL] Custom cipher suites clarifications (#22268)
9871551 
* Make CF4SaaS disclaimer simpler and move it higher on the page

* More generic warning and add footnotes to recommendations.mdx

* Clarify that Modern equals PCI DSS when used with TLS 1.3

* Apply suggestion from code review

Co-authored-by: Kate Tungusova <[email protected]>

---------

Co-authored-by: Kate Tungusova <[email protected]>
daisyfaithauma pushed a commit that referenced this pull request May 13, 2025
@RebeccaTamachiro @deadlypants1973 @daisyfaithauma
[SSL] Custom cipher suites clarifications (#22268)
8cf9e2a 
* Make CF4SaaS disclaimer simpler and move it higher on the page

* More generic warning and add footnotes to recommendations.mdx

* Clarify that Modern equals PCI DSS when used with TLS 1.3

* Apply suggestion from code review

Co-authored-by: Kate Tungusova <[email protected]>

---------

Co-authored-by: Kate Tungusova <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@deadlypants1973 deadlypants1973 deadlypants1973 approved these changes

Assignees

No one assigned

Labels

product:ssl Related to SSL size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RebeccaTamachiro @deadlypants1973