When configuring Cloudflare to use TLS 1.3 as the minimum protocol for .bank domains, the following ciphers are automatically enabled, as they are the only ciphers supported under TLS 1.3:
TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
These ciphers comply with the .bank fTLD security requirements, ensuring the highest standards for encryption and performance. Because this Cloudflare TLS setting fixes the cipher list by design, there is no need to manually modify or customize cipher settings. Cloudflare handles the selection and prioritization of these ciphers automatically, aligning with industry standards and .bank compliance requirements.
By leveraging this setup, your .bank domain remains secure and in full compliance with the fTLD's strict guidelines, without the need for additional configuration adjustments.
You can verify the ciphers that are enabled on any domain using nmap:
nmap -Pn --script ssl-enum-ciphers yourdomain.bank -p 443
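To turn that nmap output into a pass/fail check, the following added example (not from the original page or from Cloudflare) parses saved ssl-enum-ciphers output and lists anything other than TLS 1.3 with the three suites listed above. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Suites the page lists for a TLS 1.3-only zone, in nmap's naming.
ALLOWED = {"TLS_AKE_WITH_AES_128_GCM_SHA256",
           "TLS_AKE_WITH_AES_256_GCM_SHA384",
           "TLS_AKE_WITH_CHACHA20_POLY1305_SHA256"}
PROTO_RE = re.compile(r"^\|[ _]\s*((?:SSL|TLS)v[\d.]+):\s*$")
SUITE_RE = re.compile(r"^\|[ _]\s*(TLS_\w+)\s.*-\s([A-F])\s*$")

# Constructed sample: a zone that still accepts TLS 1.2 alongside TLS 1.3.
SAMPLE = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|     cipher preference: server
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
|     cipher preference: client
|_  least strength: A
"""

def parse_ssl_enum_ciphers(text):
    """Return {protocol: [(suite, grade), ...]} from ssl-enum-ciphers output."""
    result, current = {}, None
    for line in text.splitlines():
        if m := PROTO_RE.match(line):
            current = m.group(1)
            result[current] = []
        elif (m := SUITE_RE.match(line)) and current:
            result[current].append((m.group(1), m.group(2)))
    return result

def findings(text):
    """List deviations from 'TLS 1.3 only, page-listed suites only'."""
    protos = parse_ssl_enum_ciphers(text)
    out = [] if "TLSv1.3" in protos else ["TLSv1.3 not offered"]
    for proto, suites in protos.items():
        if proto != "TLSv1.3":
            out.append(f"{proto} is still accepted")
        out += [f"{proto}: unexpected suite {s}" for s, _ in suites if s not in ALLOWED]
        out += [f"{proto}: {s} graded {g}" for s, g in suites if s in ALLOWED and g != "A"]
    return out

if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
```

An empty list from findings() means the scan shows only TLS 1.3 with the listed suites; save the nmap output to a file and pass its contents in place of SAMPLE.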