How does Cloudflare cache work while SSL is active?

dash-dns
dash-crypto
#1

If I am right, SSL traffic is encrypted and the only thing you see is the IP address the request is heading to.
How can Cloudflare cache websites with SSL enabled?

  • I know DNS should be active on the target domain, but I do not think that Cloudflare replaces website SSL with itself, or does it?
#2

Cloudflare effectively MITMs your traffic. So it’s encrypted client->CF and also CF->backend. At ‘rest’ on the Cloudflare infrastructure it is unencrypted and therefore cacheable.

I do not think that Cloudflare replaces website SSL with itself, or does it?

That’s actually exactly what it does.

#3

If I may ask, can you please tell me what prevents others from doing the same? The Chinese government, for example, can easily manipulate data through this method and listen to encrypted traffic. What prevents them?

#4

Nothing and everything… But there are things you can implement such as DNSSEC, DANE etc to make sure only your server is accessed, not a middleman, and that only certs you trust are accepted.

#5

They don’t have the key to decrypt the data.

#6

As a MITM you don’t have to have a key, just a new SSL cert issued to the domain to re-encrypt everything
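
Post #4's DANE suggestion applied to the situation post #6 describes, as an added example that is not part of the thread: a client-side TLSA match per RFC 6698, where a record pinning the origin's public key (usage 3, selector 1, matching type 1) still matches a renewal that keeps the key but rejects a certificate re-issued for the same name with a different key. The `fake_cert` helper, the key bytes and all names are constructed for illustration, and a real client would also have to fetch the TLSA record over DNSSEC-validated DNS.

```python
import hashlib
import hmac

def _tlv(buf, pos):
    """Read one DER TLV at pos and return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, pos, _ = _tlv(cert_der, 0)          # Certificate SEQUENCE
    _, pos, _ = _tlv(cert_der, pos)        # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                        # optional [0] version
        pos = end
    for _ in range(5):                     # serial, sigAlg, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    return cert_der[pos:_tlv(cert_der, pos)[2]]

def tlsa_matches(selector, mtype, assoc_hex, cert_der):
    """RFC 6698 check. selector: 0 full cert, 1 SPKI. mtype: 0 exact, 1 SHA-256, 2 SHA-512."""
    if selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported TLSA selector or matching type")
    data = cert_der if selector == 0 else extract_spki(cert_der)
    if mtype:
        data = (hashlib.sha256 if mtype == 1 else hashlib.sha512)(data).digest()
    return hmac.compare_digest(data, bytes.fromhex(assoc_hex))

# Constructed stand-ins below: DER with a certificate's shape, not real signed certificates.
def _der(tag, body):
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def fake_cert(serial, key):
    empty = _der(0x30, b"")                # placeholder for sigAlg, names, validity
    spki = _der(0x30, empty + _der(0x03, b"\x00" + key))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, bytes([serial]))
               + empty * 4 + spki)
    return _der(0x30, tbs + empty + _der(0x03, b"\x00"))

ORIGIN = fake_cert(1, b"\x11" * 270)       # certificate the site owner deployed
RENEWED = fake_cert(2, b"\x11" * 270)      # renewal that keeps the same key
REISSUED = fake_cert(3, b"\x22" * 270)     # new cert for the same name, different key
SPKI_PIN = hashlib.sha256(extract_spki(ORIGIN)).hexdigest()   # data of a "3 1 1" record
CERT_PIN = hashlib.sha256(ORIGIN).hexdigest()                 # data of a "3 0 1" record
```

`tlsa_matches(1, 1, SPKI_PIN, REISSUED)` returns `False` while the same call on `RENEWED` returns `True`; with `CERT_PIN` and selector 0 even the same-key renewal stops matching, which is why selector 1 records are easier to keep valid across renewals.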