How does Cloudflare cache works while SSL is active?

If I am right SSL traffic is encrypted and the only thing you is the IP address the request is heading.
How does Cloudflare can cache websites with SSL enabled ?

  • I know DNS should be active on the target domain but I do not think that Cloudflare replaces website ssl with itself or does it ?

Cloudflare effectively MITMs your traffic. So it’s encrypted client->CF and also CF->backend. At ‘rest’ on the Cloudflare infrastructure it is unencrypted and therefore cacheable.

I do not think that Cloudflare replaces website ssl with itself or does it ?

That’s actually exactly what it does.

1 Like

If I may ask, can you please tell me what prevents Others from doing the same ? Chinese government, for example, they can easily manipulate data through this method and listen to encrypted traffic. What prevents them?

Nothing and everything… But there are things you can implement such as DNSSEC, DANE etc to make sure only your server is accessed, not a middleman, and that only certs you trust are accepted.

1 Like

they don’t have the key to decrypt the data

As a MITM you don’t have to have a key, just a new ssl cert issued to the domain to re-encrypt everythin

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.