Disabling SSL ciphers on a per cipher basis

At present the Acquia platform uses a standardized set of supported protocols and ciphers for SSL termination on the Acquia load balancers. We regularly review this configuration in light of industry best practices.

When it comes to deprecating and retiring older configurations we have to balance the desire of some customers to use only the most up-to-date technologies with the requirements to support certain older devices.

Acquia's Security and Platform teams are constantly reviewing the latest security information to guarantee that the security ciphers in use on the Acquia Network for SSL are not vulnerable or past their generally accepted retirement dates, with strong attention being paid to the SSL requirements of the PCI-DSS industry for credit card processing, and the requirements of the Federal Government.

As such, we are not able to manage cipher suites on a per customer basis. However, individual cipher management is possible by adding a CDN (for example Edge Protect) and setting your specific configurations there. For more information about that, please reach out to your account manager.