A common request from our customers is tuning the ciphers WAF-as-a-Service enables. Customers may need to allow additional ciphers for compatibility with older browsers/clients; other customers may need to disable less secure ciphers for compliance reasons. Starting today, you can control this setting directly via the WAF-as-a-Service UI, by going to the Endpoints page and editing your HTTPS endpoint:

As shown, you can select from a number of predefined cipher suites, or you can customize the exact ciphers allowed using the API.

You can also enable or disable Perfect Forward Secrecy when using supported protocols and ciphers.