How does edge SSL work, in detail?

We have an edge certificate in Cloudflare, and we have TLS enabled.

Some very old java client is not able to connect, possibly because it is asking for ciphers no longer supported.

Can anyone tell me, in detail, how the TLS transaction works, from start to finish?

Specifically, I need to know if the origin server participates in the TLS handshake on the client.

i.e.

Does it go like this:

client → cloudflare (relay request to origin) TLS handshake → origin server

or does it go like this:
client → cloudflare server TLS handshake
(cloudflare → TLS handshake origin server)
client TLS established, get contents → cloudflare server
(cloudflare server → get contents → origin server)
(origin server → push contents cloudflare server)
cloudflare server → push contents client

Does it make sense?

In other words, when using the edge certificate, do the available protocols on the content server have any bearing on the protocols used on the edge server?

A client initiates a connection with Cloudflare’s edge. If a connection to the origin is required (e.g. a request isn’t blocked by the WAF or served from cache), Cloudflare will open a connection to the origin server.


Thank you csharff. So the TLS session is established between the client and Cloudflare only, and Cloudflare creates its own connection to the origin server behind the scenes to relay the traffic?

That’s correct, as Cloudflare is a proxy service.

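The two-handshake flow described in the question and confirmed in the replies, as an added in-process example (this is not code from the thread or from Cloudflare; it uses Go's crypto/tls to stand in for the edge and for the origin). Assumptions: the edge serves a self-signed certificate for the hypothetical name www.example.com, the origin serves its own self-signed certificate for the hypothetical name origin.internal, both listen on loopback ports, the origin is configured for TLS 1.3 only, and the "very old Java client" is modelled as a client that offers only RSA-key-exchange CBC cipher suites at TLS 1.2 (an assumption about what such a client sends). The point it demonstrates: the client's handshake is settled entirely by the edge's certificate and policy, the edge opens a separate TLS session to the origin, and a client the edge cannot negotiate with fails before the origin is contacted at all.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned makes a throwaway in-memory certificate for name (constructed for this demo; it stands
// in for the edge certificate on one leg and for the origin's own certificate on the other).
func selfSigned(name string) (tls.Certificate, *x509.CertPool) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{name}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	pool := x509.NewCertPool()
	pool.AddCert(must(x509.ParseCertificate(der)))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// serve runs a TLS listener on a free loopback port and hands each accepted connection to handle.
func serve(cfg *tls.Config, handle func(*tls.Conn)) string {
	ln := must(tls.Listen("tcp", "127.0.0.1:0", cfg))
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go handle(c.(*tls.Conn))
		}
	}()
	return ln.Addr().String()
}

// fetch connects to the edge the way a browser or Java client would, under cfg's TLS policy, and
// returns the client's own handshake state plus the body relayed back to it.
func fetch(edgeAddr string, edgePool *x509.CertPool, cfg *tls.Config) (tls.ConnectionState, string, error) {
	cfg.RootCAs, cfg.ServerName = edgePool, "www.example.com" // hypothetical edge hostname
	c, err := tls.Dial("tcp", edgeAddr, cfg) // Dial completes the handshake; a failure surfaces here
	if err != nil {
		return tls.ConnectionState{}, "", err
	}
	defer c.Close()
	fmt.Fprint(c, "GET /\n")
	body, _ := io.ReadAll(c)
	return c.ConnectionState(), string(body), nil
}

// Demo wires origin, edge and two clients together in-process and returns what each client saw.
func Demo() (modern tls.ConnectionState, body string, legacyErr error) {
	originCert, originPool := selfSigned("origin.internal") // hypothetical origin hostname
	edgeCert, edgePool := selfSigned("www.example.com")
	// Origin: TLS 1.3 only. It answers with the version it negotiated with its peer, which is the edge.
	origin := serve(&tls.Config{Certificates: []tls.Certificate{originCert}, MinVersion: tls.VersionTLS13}, func(c *tls.Conn) {
		defer c.Close()
		if _, err := c.Read(make([]byte, 64)); err == nil { // the first Read performs the handshake
			fmt.Fprintf(c, "hello from origin over TLS 0x%04x\n", c.ConnectionState().Version)
		}
	})
	// Edge: terminates the client's TLS with the edge certificate (leg 1), then opens a second,
	// separate TLS session to the origin (leg 2) and relays bytes. Origin policy never reaches leg 1.
	edge := serve(&tls.Config{Certificates: []tls.Certificate{edgeCert}, MinVersion: tls.VersionTLS12}, func(c *tls.Conn) {
		defer c.Close()
		if c.Handshake() != nil { // leg 1 failed: the origin is never contacted for this client
			return
		}
		if o, err := tls.Dial("tcp", origin, &tls.Config{RootCAs: originPool, ServerName: "origin.internal"}); err == nil {
			defer o.Close()
			go io.Copy(o, c)
			io.Copy(c, o)
		}
	})
	// Modern client capped at TLS 1.2: succeeds, sees 1.2 on its own leg while the origin reports 1.3.
	modern, body, err := fetch(edge, edgePool, &tls.Config{MaxVersion: tls.VersionTLS12})
	if err != nil {
		panic(err)
	}
	// "Very old Java client" (assumed): offers only RSA-key-exchange CBC suites. Fails on leg 1.
	_, _, legacyErr = fetch(edge, edgePool, &tls.Config{MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12,
		CipherSuites: []uint16{tls.TLS_RSA_WITH_AES_128_CBC_SHA, tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA}})
	return modern, body, legacyErr
}

func main() {
	st, body, legacyErr := Demo()
	fmt.Printf("client leg: TLS 0x%04x, cert for %v, body %q; legacy client: %v\n", st.Version, st.PeerCertificates[0].DNSNames, body, legacyErr)
}
```

Run it with `go run` and compare the two lines: the modern client's leg reports TLS 1.2 and the edge's certificate, while the body shows the origin negotiated TLS 1.3 with the edge; the legacy client gets a handshake failure from the edge, so nothing the origin supports or lacks could have helped it. Against a real zone the equivalent check is `openssl s_client -connect www.example.com:443 -servername www.example.com`, which shows the certificate, protocol and cipher the edge actually negotiates with a client; that, not the origin's configuration, is what the old Java client's offered cipher list has to overlap with.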