Cipher suites - Troubleshooting
If you encounter issues with edge certificate cipher suites, refer to the following scenarios.
Compatibility with Minimum TLS Version
When you adjust the setting used for your domain’s Minimum TLS Version, your domain only allows HTTPS connections using that TLS protocol version.
This setting can cause issues if you are not supporting TLS 1.2 ciphers on your domain. If you experience issues, review your domain’s Minimum TLS Version setting and Cloudflare’s supported cipher list.
Compatibility with certificate type
If you upload a custom certificate, make sure the certificate matches your chosen cipher suites.
For example, if you have upload an RSA certificate, your cipher suite selection cannot only support ECDSA certificates.
TLS 1.3 settings
Based on current Cloudflare functionality, you cannot set specific 1.3 ciphers through the API.
Instead, you will need to enable TLS 1.3 for your entire domain and Cloudflare will use all applicable TLS 1.3 cipher suites.