Hi Theo,
Perhaps it is worthwhile to take a look at the Mendix Cloud Login Guard module in the app store. Not sure if it fully covers your scenario.
Kind regards,
Jeroen Odink
In a CF deployment, SSL is handled by a separate web server in front of your Mendix app container. For example, if your SSL endpoint web server is running NGINX and OpenSSL, then this would be relevant:
https://askubuntu.com/questions/319192/how-to-enable-tls-1-2-in-nginx
Here’s an interesting article about selecting ciphers as well:
https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/