Cloudflare Docs
Support
Support
Visit Support on GitHub
Set theme to dark (⇧+D)

Cloudflare and CVE-2019-1559

​​ Overview

The GOLDENDOODLE and Zombie POODLE attacks affect applications that use certain cipher suites associated with TLS 1.2.

Any application on Cloudflare, however, is not vulnerable to these attacks because Cloudflare does not use the affected version of openssl at its edge.

Cloudflare could not remove these cipher suites from our edge by default because we did not want to break customer applications using legacy cipher suites.


​​ Remove warnings from external security scanners

Even though your application is not vulnerable to CVE-2019-1559, some security scanners may flag your application erroneously.

To remove these warnings, you could use Advanced Certificate Manager to exclude the following ciphers from your list of cipher suites:

  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-ECDSA-AES128-SHA256
  • ECDHE-RSA-AES256-SHA384

For how-to steps, refer to Customize cipher suites.