Skip to content

[CF1] clarify cipher suite usage in Cloudflare Tunnel TLS connections #25994

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 29, 2025
Merged

[CF1] clarify cipher suite usage in Cloudflare Tunnel TLS connections #25994

merged 3 commits into from
Oct 29, 2025

Conversation

@deadlypants1973
Copy link
Contributor

@deadlypants1973 deadlypants1973 commented Oct 22, 2025

Summary

PCX-16962

Screenshots (optional)

Documentation checklist

  • Is there a changelog entry (guidelines)? If you don't add one for something awesome and new (however small) — how will our customers find out? Changelogs are automatically posted to RSS feeds, the Discord, and X.
  • The change adheres to the documentation style guide.
  • If a larger change - such as adding a new page- an issue has been opened in relation to any incorrect or out of date information that this PR fixes.
  • Files which have changed name or location have been allocated redirects.

@deadlypants1973 deadlypants1973 requested review from a team, nikitacano and ranbel as code owners October 22, 2025 17:09
@github-actions
Copy link
Contributor

github-actions bot commented Oct 22, 2025

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern Owners
/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/ @nikitacano, @ranbel, @cloudflare/pcx-technical-writing

nikitacano
nikitacano reviewed Oct 22, 2025
View reviewed changes
...ocs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cipher-suites.mdx Outdated
---

Cloudflare Tunnel connections use the cipher suites supported by `cloudflared`, which relies on the Go TLS library for its TLS implementation. When establishing a TLS connection to your origin, `cloudflared` will negotiate the most secure cipher suite supported by both sides.
Cloudflare Tunnel connections use the cipher suites supported by `cloudflared`, which relies on the Go TLS library for its TLS implementation. These cipher suites apply to both the TLS connection between Cloudflare's network and `cloudflared`, and the HTTPS connection between `cloudflared` and your origin, even when [`noTLSVerify`](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/#notlsverify) is set to `false`. In both cases, `cloudflared` negotiates the most secure cipher suite supported by both sides.
Copy link
Contributor

@nikitacano nikitacano Oct 22, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure about "even when noTLSVerify" wording.

@github-actions
Copy link
Contributor

github-actions bot commented Oct 22, 2025
edited
Loading

Preview URL: https://d13c13af.preview.developers.cloudflare.com
Preview Branch URL: https://kate-fixes-cipherdesc.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cipher-suites/ https://kate-fixes-cipherdesc.preview.developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cipher-suites/

@nikitacano nikitacano enabled auto-merge (squash) October 29, 2025 16:26
@nikitacano nikitacano merged commit 6b9e3a7 into production Oct 29, 2025
8 checks passed
@nikitacano nikitacano deleted the kate/fixes-cipherdesc branch October 29, 2025 16:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nikitacano nikitacano nikitacano approved these changes

@ranbel ranbel Awaiting requested review from ranbel ranbel is a code owner

Assignees

@nikitacano nikitacano

@ranbel ranbel

Labels

October 2025 product:cloudflare-one size/xs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@deadlypants1973 @nikitacano @ranbel