How can I disable TLS 1.0, TLS 1.1 and weak ciphers with custom domains?

Question: How can I disable TLS 1.0, TLS 1.1 and weak ciphers with custom domains?

Answer

This can be done now as a self-service operation using Management API v2.
Use the Update a custom domain endpoint (PATCH /api/v2/custom-domains/{id}) with the following payload:

{
  "tls_policy":"recommended"
}

Note how you don’t really specify protocols or individual ciphers. recommended means that Auth0 uses the industry recommendations and might update the supported protocols or ciphers from time to time.

The other option is:

{ "tls_policy": "compatible" }

This is backward compatible option if you have clients that still require TLS 1.0 or TLS 1.1.

Supporting Documentation

https://auth0.com/docs/api/management/v2#!/Custom_Domains/patch_custom_domains_by_id

3 Likes