Perhaps it is worthwhile to take a look at the Mendix Cloud Login Guard module in the app store. Not sure if it fully covers your scenario.
In a CF deployment, SSL is handled by a separate web server in front of your Mendix app container. For example, if your SSL endpoint web server is running NGINX and OpenSSL, then this would be relevant:
Here’s an interesting article about selecting ciphers as well: