CloudFlare offers you free CDN service and also provides the free SSL services. If you are opting for the SSL certification on your CloudFlare settings, you may get confused between the different options available for you. Don’t worry; we will help you make the correct choices without leaving any confusion.
What is CloudFlare?
CloudFlare is a caching and security as a service. This service will help you protect and accelerate your online websites. The web traffic is routed through the global network of CloudFlare with an acceleration of static and dynamic content. The CloudFlare service helps you block the threats and limits the abusive bots and crawlers.
When you opt for SSL in CloudFlare, you will find four different options to configure. What do these SSL options mean? We will find out in the following description about each of the different options.
What are the SSL Options?
You will have four options to choose from if you are going with the options for setting up the SSL – SSL Off, Flexible, Full and Full Strict. What does the SSL do to your connection?
The SSL options let you have control over your connectivity –
- It allows your visitors to browse your website over a secure connection
- When your visitors connect with you, the SSL option controls the way CloudFlare connects to your web server.
The SSL options are listed from the least secure to the most secure. The possibilities are available on all plans provided by CloudFlare. The Off option is least reliable, while the Full Strict option is the most secure among the total options available.
Which Options should you go for?
Let us now explain what each of these CloudFlare SSL certifications does? Which circumstances do you use them for? Let us understand the differences between each of these setting options and what they do.
Off
This option will turn the secure connectivity off. That would make your connectivity completely disabled between you and your visitor. Regarding technical language, there won’t be any secure connection between your visitor and CloudFlare, as also there will not be any secure connection between CloudFlare and your web server.
This will make your visitors connect to you only over HTTP. If any of your visitors attempt connecting to your site over HTTPs, they will get a 301 redirect to the HTTP version of your site.
Flexible SSL
This SSL option ensures a secure connection between the visitor to your website and CloudFlare, but there will not be any secure connection between your web server and CloudFlare. This option will be a good one if you do not have an SSL certificate available on your web server.
However, your visitor will see your website as HTTPS enabled. We do not recommend opting for this setting if you have any sensitive information on your site. The Flexible SSL option will only work for the port 443 and 80. All traffic between your visitor and the CloudFlare is encrypted, but there will not be any encryption between your web server and CloudFlare.
We would recommend opting for the Flexible SSL option only if you are unable to set up SSL on your web server for any reason.
Full SSL
As it should be evident by now, Full SSL will mean a completely secure connection. You will have a fully secure connection between your visitor and CloudFlare and also a secure connection between your web server and CloudFlare.
If you want this connectivity option to work, you need to have SSL certification on your web server. You will also need to configure your server to answer the HTTPS requests from your visitors. However, you need not have an authentic certificate as such. Even a self-signed certificate should do.
Full SSL – Strict
This is the most secure connectivity option you would ever opt for. In this connectivity option, you will have a secure SSL connection between the visitor to your site and CloudFlare in addition to a secure connection between your web server and CloudFlare as well.
The significant difference between the Full SSL connection and a Full Strict Connection is the latter would need you to have an authenticated certification installed on your web server. Your server should be configured to answer the HTTPS requests. But, the SSL certificate needs to be a valid one. A self-signed certificate will not work here. You need to go with an SSL certificate that is signed by a certificate authority. The certificate authority must be the one trusted by CloudFlare.
If you are using an SSL certificate generated and trusted by CloudFlare, you may not need to install it on your web server. You can create a self-signed certificate and make use of it on your server for an end to end encryption.
Strict SSL – Only Origin Pull
This mode is available for Enterprises only. The SSL option will work similarly as the Full SSL Strict option. The choice will upgrade all your connections between CloudFlare the origin of your web content from HTTP to HTTPS. The link will be over HTTPs even if the request is over HTTP.
You can use the Origin CA certificates for both Full and Full Strict modes> The Origin CA certificates are generated by CloudFlare and are also trusted by CloudFlare.
The Concluding Thoughts
Well, we assume we have been of help in understanding the differences between different SSL options on CloudFlare SSL. We presume the inputs provided in the above discussion would have provided you with a bright idea on how to use the different SSL options with your CloudFlare settings.
If still in doubt, do share your issues with us through the comments section here below.
