Cloudflare Pages not using domain's SSL settings

kavin · December 7, 2021, 12:49am

Hi there,

This happens on piped.kavin.rocks, is this a known issue?

WalshyMVP · December 7, 2021, 12:50am

Could you be more specific? What settings are not being respected?

kavin · December 7, 2021, 1:15am

It seems to affect all SSL settings:

Minimum TLS version
HSTS
HTTP to HTTPS redirects

Cyb3r-Jak3 · December 7, 2021, 1:37am

What are your SSL settings?
I tested with my site and yours and for mine the minimum TLS version, HTTP to HTTPS, and HSTS are all present. HTST is probably because of _headers file though.

kavin · December 7, 2021, 10:16am

They’re not:
curl -I http://piped.kavin.rocks
This returns 200, without being redirected to https
curl -I -s https://piped.kavin.rocks | grep “strict-transport-security”
This has no output, which means the header isn’t added.

I have a minimum tls version of 1.2, and this doesn’t fail:
curl -I --tls-max 1.1 https://piped.kavin.rocks

Cyb3r-Jak3 · December 7, 2021, 9:50pm

Sorry, that is what I meant. My website works fine and yours does not. Something I did notice it that it also going through HTTP/1.1.

kavin · December 16, 2021, 9:26am

I fixed it by removing and re-adding the custom domain. Perhaps, this was caused due to me being an early tester of Cloudflare pages.

Topic		Replies	Views
Http and https both working now Security	4	2398	November 15, 2020
SSL/TLS have I got it right! Security	3	1857	February 27, 2020
Hey Fellas Security	4	3082	October 9, 2020
What SSL/TLS settings should I add on the origin server and what settings should I add on Cloudflare? Security dash-ssl-tls , dash-getting-started	8	2711	August 3, 2019
Flexible SSL Settings not working as expected General	4	656	December 4, 2023

Cloudflare Pages not using domain's SSL settings

Related topics