TLS Settings — Cloudflare for SaaS

Mutual TLS (mTLS) Open external link adds an extra layer of protection to application connections by validating certificates on the server and the client. When building a SaaS application, you may want to enforce mTLS to protect sensitive endpoints related to payment processing, database updates, and more.

Minimum TLS Version allows you to choose a cryptographic standard per custom hostname. Cloudflare recommends TLS 1.2 to comply with the Payment Card Industry (PCI) Security Standards Council.

​​ Enable mTLS

Once you have added a custom hostname, you can enable mTLS by using Cloudflare Access. Go to the Cloudflare Zero Trust dashboard and add mTLS authentication with a few clicks.

​​ Enable Minimum TLS Version

1. Log in to the Cloudflare dashboard Open external link and navigate to your account and website.

2. Select SSL/TLS > Custom Hostnames.

3. Find the hostname to which you want to apply Minimum TLS Version. Select Edit.

4. Choose the desired TLS version under Minimum TLS Version and click Save.