Configuration of TLS security suites

cchorley · February 1, 2022, 6:34pm

Hi,

We test our static sites running on Render using https://www.ssllabs.com/, previously it would give good ratings but now caps at a B rating due to the server negotiating to use the weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA on some older browsers. Is there anyway I can configure the security characteristics of my sites such that I can disable this specific suite or at least adjust cipher suite priorities or is this something I can only do if I were running my own servers?

Any advice on this would be appreciated.

Many Thanks,

tyler · February 1, 2022, 11:16pm

Hi Chris,

Unfortunately, right now we don’t support disabling certain cipher suites. We have an open issue in our backlog that I have added your request to so it can help us prioritize it.

cchorley · February 2, 2022, 10:24am

Hi Tyler,

Thanks for the response.

I have been searching through your feature requests page, is this open issue within that page or an internal backlog, just so I can watch for progress?

tyler · February 2, 2022, 6:30pm

We have a ticket in our internal backlog but I added it to our feature requests here as well so you can upvote it to receive updates.

ditowindya · April 25, 2022, 10:42pm

meanwhile…

i’m wondering if it’s possible to open up the TLS down to 1.0, as I’m serving clients coming from older devices…

would be nice if we could configure both TLS version & ciphers per services.

what I know is feasible is changing the TLS version, as cloudflare have options to change it on the fly.

Topic		Replies	Views
Disable TLS 1.0 and 1.1	4	636	September 22, 2022
SSL Error or Cipher Mismatch	2	217	September 22, 2023
SSL/TLS handshake error despite Certificate Issued	4	345	November 21, 2024
Cannot Connect - SSL error	2	382	July 19, 2022
TLS/TCP/cert files?	2	356	June 24, 2022

Configuration of TLS security suites

Related topics