Is cloudflare free SSL have security Issue?

Last night I have study about SSL and I found a Big article on Moz Blog, where the author mentioned that Cloudflare has security Issue due to Incomplete encryption, Let’s suppose I have Installed Free SSL on my website (site Link would be provided if needed) then Cloudflare encrypts the connection between the visitor and the cached version of your site on Cloudflare, but it doesn’t encrypt the connection between your site and your server. While this means that site visitors can feel secure while visiting your site, there is still the chance that your server connection will be compromised. and there is chance of Hacking increase in Free version of Cloudflare SSL, So I want to know from Support member that how much reality present in this article, Article Source: 🥇 Comparing HTTPS Services: Traditional vs Let's Encrypt vs Cloudflare - Moz

Waiting for the response.

Why Wait
Don’t wait for an answer, find it fast! Search for #CommunityTip error:
Example: #CommunityTip 521

Test Before You Post
Unsure of the issue? Test before posting using the Cloudflare Diagnostic Center: Diagnostic Center | Check SSL and Test Website Security | Cloudflare

This is why we always discourage users to use Flexible SSL mode in Cloudflare. Flexible SSL mode works exactly what you just described.

Full (strict) mode is the only option to go for, which ensures connection between Cloudflare and server is also encrypted and the SSL cert in the server is trusted (cannot be self-signed cert, expired cert, etc.)

1 Like

So Sir I have a client Site (Long term Project) site link: He is using free “flexiable” SSL plan should I have to forced him to Upgrade his plan for security point, I need your advice, kindly guide me little bit more!

An upgrade should not be necessary in the first place as his account should come properly secured by default.

But as @erictung already elaborated, the mode you described is insecure and should never be used to begin with. As long as the encryption mode is not “Full strict” the site will be insecure because there either won’t be any encryption at all or just a broken, unverified one.

And just to answer your title, yes, Cloudflare does have a security issue with “Flexible” in this context.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.