Cipher Suites
developer/v1/domain/ciphersAnalyzes TLS cipher suite configuration for a domain by detecting the CDN/server infrastructure and reporting its known cipher suites. For sites behind Cloudflare, AWS CloudFront, Fastly, or Akamai, the endpoint returns the CDN's published default cipher suite configuration. For other servers, it provides a Mozilla Intermediate reference profile. Each cipher is graded and classified with forward secrecy, AEAD support, security level, and Mozilla compatibility assessment.
What It Does
Connects to the domain over TLS, detects the CDN or server infrastructure from response headers, then reports the appropriate cipher suite profile. For detected CDNs (Cloudflare, CloudFront, Fastly, Akamai), it uses the CDN's published default cipher suites. Each cipher is classified by protocol version, key exchange, authentication, encryption, MAC, AEAD support, forward secrecy, security level (recommended/secure/weak/insecure), and includes the OpenSSL name for cross-referencing. Returns overall grade, Mozilla Modern/Intermediate compatibility, and actionable recommendations.
Why It's Useful
Cipher suite configuration determines the actual encryption strength of TLS connections. Weak ciphers (RC4, DES, export ciphers) can be exploited even with modern TLS versions, and missing forward secrecy means a compromised server key decrypts all past traffic. Regular cipher auditing against Mozilla SSL Configuration Generator (modern/intermediate profiles) and NIST SP 800-52r2 is required for PCI-DSS and SOC 2 compliance.
Use Cases
Security Hardening Verification
After configuring cipher suites, verify only strong ciphers are enabled and properly ordered.
Confirm cipher hardening is effective and no weak ciphers remain.
Compliance Assessment
Verify cipher suite configuration meets compliance requirements (e.g., NIST guidelines).
Document cipher compliance for regulatory audits.
Vulnerability Assessment
Identify weak cipher suites that could be exploited in downgrade attacks.
Find cryptographic weaknesses during security assessments.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to analyze cipher suites forExample: example.com |
port | number | Optional | Port to connect to (default: 443)Example: 443 |
Response Fields
| Field | Type | Description |
|---|---|---|
domain | string | The queried domain |
port | number | The port used for connection |
overallGrade | string | Overall cipher suite security grade (A+ through F) |
ciphers | array | Cipher suites with name, grade, protocol, openSslName, keyExchange, authentication, encryption, mac, isAEAD, forwardSecrecy, securityLevel, keySize, and issues |
bestCipher | string | Name of the strongest cipher suite |
worstCipher | string | Name of the weakest cipher suite |
issues | array | Security issues found with the cipher configuration |
recommendations | array | Actionable cipher suite improvement suggestions |
serverInfo | object | Detected CDN and server information (cdn, server) |
analysisMethod | string | How the cipher data was obtained: cdn-detected or reference |
tlsVersions | array | TLS versions supported by the cipher profile |
supportsForwardSecrecy | boolean | Whether any cipher provides perfect forward secrecy |
supportsAEAD | boolean | Whether any cipher uses authenticated encryption (AEAD) |
mozillaCompatibility | object | Compatibility with Mozilla Modern and Intermediate TLS profiles |
count | number | Total number of cipher suites |
timestamp | string | ISO 8601 timestamp of the analysis |
Code Examples
curl "https://api.edgedns.dev/v1/domain/ciphers" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d "domain=example.com"const response = await fetch(
'https://api.edgedns.dev/v1/domain/ciphers?domain=example.com',
{
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
}
}
);
const data = await response.json();
console.log(data);import requests
response = requests.get(
'https://api.edgedns.dev/v1/domain/ciphers',
headers={'Authorization': 'Bearer YOUR_API_KEY'},
params={
'domain': 'example.com'
}
)
data = response.json()
print(data)Read the full Cipher Suites guide
Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.
Read the guide →Related Endpoints
External References
Learn more about the standards and protocols behind this endpoint.
Try This Endpoint
Test the Cipher Suites endpoint live in the playground.