Minor SSL Clarification


#1

Hi there. I’ve recently started trying out the free plan. I understand the reverse proxy consequences on domain names that appear etc. My question is this: I believe CF have responsibility for renewing my Universal SSL. Presumably I should, as normal, manage and renew the certificate on my origin server. Is this correct?

P.S. slightly off-topic but has CF adopted TLSv1.3 for its Universal SSL certs? I checked about a month ago and it hadn’t.


#2

Yes to both.


#3

As far as I know TLS 1.3 have been available on universal SSL certs for a couple of years (final version only since it was ratified recently obvs).