Cloudflare SSL/TLS encryption methods


If you use Cloudflare nameservers and need the certificate issued by the platform for domains not covered by Peqi, this article explains how to do it, what each SSL/TLS encryption mode means, and when to use each one.

To use Cloudflare certificates on domains not covered by Peqi, you must first mark the desired entry as "With Proxy", which allows you to use the certificate issued by the platform.

Understanding the SSL/TLS encryption methods of the platform

Off (No Encryption)

Setting the encryption mode to Off (not recommended) redirects any HTTPS request to unencrypted HTTP. It is not recommended for sites handling sensitive information, as all connections will be in plaintext.

Flexible

Setting the encryption mode to Flexible makes the site only partially secure. Cloudflare enables HTTPS connections between the visitor and Cloudflare, but all connections between Cloudflare and the origin server are made via HTTP, without requiring an SSL certificate on the origin server. It is useful for sites that are unable to install an SSL certificate on the origin server.

Full

Setting the encryption mode to Full enables HTTPS connections between the visitor and Cloudflare, and Cloudflare connects to the origin server using the scheme (HTTP or HTTPS) requested by the visitor. If the visitor uses HTTP, then Cloudflare connects to the origin server via HTTP, and vice versa. It is recommended for most sites, providing security for traffic between the visitor and Cloudflare while maintaining flexibility in connecting to the origin server.

Full (Strict)

Setting the encryption mode to Full (Strict) does everything Full does, but also imposes stricter requirements for origin certificates. Use it only for sites that require higher security and authentication of the origin server.
