I have multiple subdomans, cloudflare will only let me use SSL on one, how to pick the one I want to use SSL with? should I use DNS only instead of proxied?
I am not sure exactly what you mean. Cloudflare’s Universal Certificate will cover any first level subdomain
*.domain.com, but you still need a certificate on your server.
I’m referring to the flexible ssl that does not require any certificate on the server as in here
That’s not the case.
why such an option exists then? what is a good use case for it?
Is can be used in, for example, a non-production environment where there is no alternative. It is not, however, recommended on a production site and should especially not be used if there is any user input such as forms or logins.
Honestly? Because it’s a nice marketing stunt. Most people are not really concerned by proper security but rather convenience. Cloudflare can say they offer SSL to customers who have no idea what SSL requires, how it works, what proper encryption means and who don’t really want to configure a certificate on their sites.
In that way it leaves the impression the site is secure, as the first leg to Cloudflare is actually encrypted, even if everything after Cloudflare is just as insecure as it was throughout the 2000s when everyone happily sent everything in plain text all across the world.
The entire feature is essentially an encryption breaker and renders encryption somewhat pointless. Have tried to address this quite a few times but nobody is too hyped to deprecate that marketing gimmick.
It also subverts the attempts of browser vendors to make SSL mandatory.
Feel free to vote and participate at Header indicating encryption status of the origin connection
This topic was automatically closed after 30 days. New replies are no longer allowed.