Created
October 31, 2017 16:20
-
-
Save skwashd/7f9a6191d73e71ab06ea7ef2e38b9f0d to your computer and use it in GitHub Desktop.
Disable old versions of TLS for all domains on Cloudflare
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Enable modern TLS only mode for all sites on Cloudflare (max 50) | |
| # | |
| # Written by Dave Hall <skwashd@gmail.com> | |
| # CC-0 License applies - https://creativecommons.org/publicdomain/zero/1.0/ | |
| BASE_URI="https://api.cloudflare.com/client/v4" | |
| if [[ -z "${AUTH_EMAIL}" ]]; then | |
| echo "Please set the AUTH_EMAIL environment variable." >&2 | |
| exit 1 | |
| fi | |
| if [[ -z "${AUTH_KEY}" ]]; then | |
| echo "Please set the AUTH_KEY environment variable." >&2 | |
| exit 2 | |
| fi | |
| # TODO Add pagination here. | |
| RAW_ZONES="$(curl -s -X GET "${BASE_URI}/zones?status=active&page=1&per_page=50&order=name&direction=asc" \ | |
| -H "X-Auth-Email: ${AUTH_EMAIL}" \ | |
| -H "X-Auth-Key: ${AUTH_KEY}" \ | |
| -H "Content-Type: application/json")" | |
| for ZONE_ID in $(echo $RAW_ZONES | jq ".result[].id" | tr -d \"); do | |
| # Update the config | |
| curl -X PATCH "${BASE_URI}/zones/${ZONE_ID}/settings/tls_1_2_only" \ | |
| -H "X-Auth-Email: ${AUTH_EMAIL}" \ | |
| -H "X-Auth-Key: ${AUTH_KEY}" \ | |
| -H "Content-Type: application/json" \ | |
| --data '{"value":"on"}' | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment