Skip to content

Instantly share code, notes, and snippets.

@skwashd
Created October 31, 2017 16:20
Show Gist options
  • Save skwashd/7f9a6191d73e71ab06ea7ef2e38b9f0d to your computer and use it in GitHub Desktop.
Save skwashd/7f9a6191d73e71ab06ea7ef2e38b9f0d to your computer and use it in GitHub Desktop.
Disable old versions of TLS for all domains on Cloudflare
#!/bin/sh
# Enable modern TLS only mode for all sites on Cloudflare (max 50)
#
# Written by Dave Hall <skwashd@gmail.com>
# CC-0 License applies - https://creativecommons.org/publicdomain/zero/1.0/
BASE_URI="https://api.cloudflare.com/client/v4"
if [[ -z "${AUTH_EMAIL}" ]]; then
echo "Please set the AUTH_EMAIL environment variable." >&2
exit 1
fi
if [[ -z "${AUTH_KEY}" ]]; then
echo "Please set the AUTH_KEY environment variable." >&2
exit 2
fi
# TODO Add pagination here.
RAW_ZONES="$(curl -s -X GET "${BASE_URI}/zones?status=active&page=1&per_page=50&order=name&direction=asc" \
-H "X-Auth-Email: ${AUTH_EMAIL}" \
-H "X-Auth-Key: ${AUTH_KEY}" \
-H "Content-Type: application/json")"
for ZONE_ID in $(echo $RAW_ZONES | jq ".result[].id" | tr -d \"); do
# Update the config
curl -X PATCH "${BASE_URI}/zones/${ZONE_ID}/settings/tls_1_2_only" \
-H "X-Auth-Email: ${AUTH_EMAIL}" \
-H "X-Auth-Key: ${AUTH_KEY}" \
-H "Content-Type: application/json" \
--data '{"value":"on"}'
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment