Configuration of TLS security suites


We test our static sites running on Render using, previously it would give good ratings but now caps at a B rating due to the server negotiating to use the weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA on some older browsers. Is there anyway I can configure the security characteristics of my sites such that I can disable this specific suite or at least adjust cipher suite priorities or is this something I can only do if I were running my own servers?

Any advice on this would be appreciated.

Many Thanks,

Hi Chris,

Unfortunately, right now we don’t support disabling certain cipher suites. We have an open issue in our backlog that I have added your request to so it can help us prioritize it.

Hi Tyler,

Thanks for the response.

I have been searching through your feature requests page, is this open issue within that page or an internal backlog, just so I can watch for progress?

We have a ticket in our internal backlog but I added it to our feature requests here as well so you can upvote it to receive updates.

1 Like


i’m wondering if it’s possible to open up the TLS down to 1.0, as I’m serving clients coming from older devices…

would be nice if we could configure both TLS version & ciphers per services.

what I know is feasible is changing the TLS version, as cloudflare have options to change it on the fly.