Which SSL option is best in Cloudflare?

I heard that using Cloudflare the site loads faster, not only because it is served from a nearer server, but also because Cloudflare SSL loads before the one installed on your server… If so, and considering that the “Full (strict)” option requires a certificate on the source server, is it better to select the “Full” option?


Not sure where you heard that but forget it 🙂 that’s not even inaccurate, it’s just wrong.

Absolutely not. The only sensible option is “Full strict”, everything else is either insecure or not encrypted at all.

Thank you Sandro… I don’t understand technology, but it makes sense to me that Cloudflare uploads a Cloudflare certificate faster than a certificate installed on another server. Why do you think that’s not the case?

At this point I use the “Full” option, which Cloudflare explains: “Encrypts end-to-end, using a self signed certificate on the server”. And as you can see (SSL Checker), the certificate is correct. Why do you think it is either insecure or not encrypted at all?


Because there is no certificate upload in the first place. That’s not how it works and that’s why the whole description is misphrased from the start. Please read about how SSL and HTTP work to get a better picture here.

With “Full” you actually have encryption, but that encryption is not validated in any way and hence pointless. Anybody could hijack your traffic or replace the certificate and Cloudflare would perfectly accept that certificate. A self-signed certificate is never secure, which is also the reason every browser will display a warning in that context.

As mentioned already, if you need HTTPS “Full strict” is the only sensible and secure option.

Thank you Sandro… What does it mean to hijack traffic? In any case, no browser displays any warning when loading my site.

Sure, because you get the proxy certificate, but you need a valid certificate on your server too and “Full strict” as encryption mode.
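The difference between the two modes on the proxy-to-origin connection, as an added sketch that is not part of the thread and is not Cloudflare's code: "Full" is modelled as a TLS client that skips certificate validation, "Full (strict)" as one that validates chain and hostname. The function names, `origin.example.test` and `203.0.113.10` are placeholders, and using Python's default trust store (or a `cafile` you supply) for the strict case is an assumption.

```python
import socket
import ssl


def origin_context(mode, cafile=None):
    """TLS client context mirroring how the origin certificate is treated per mode."""
    if mode == "full":
        # Encrypts, but accepts any certificate: self-signed, expired, wrong name.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False          # must be disabled before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    if mode == "strict":
        # Chain must lead to a trusted CA and the name must match the hostname.
        return ssl.create_default_context(cafile=cafile)
    raise ValueError("mode must be 'full' or 'strict'")


def probe(hostname, address=None, port=443, mode="strict", cafile=None, timeout=5.0):
    """Handshake with the origin directly and report whether its cert is accepted."""
    result = {"mode": mode, "accepted": False, "tls": None, "error": None}
    ctx = origin_context(mode, cafile)
    try:
        with socket.create_connection((address or hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                result.update(accepted=True, tls=tls.version())
    except ssl.SSLCertVerificationError as exc:
        result["error"] = "certificate rejected: " + exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        result["error"] = str(exc)
    return result


def compare(hostname, address=None, port=443, cafile=None):
    """Run both checks; 'full' passing while 'strict' fails means an unauthenticated origin."""
    full = probe(hostname, address, port, "full", cafile)
    strict = probe(hostname, address, port, "strict", cafile)
    unauthenticated = full["accepted"] and not strict["accepted"]
    return {"full": full, "strict": strict, "unauthenticated_origin": unauthenticated}


if __name__ == "__main__":
    # Placeholder origin: replace with your own hostname and origin IP address.
    print(compare("origin.example.test", address="203.0.113.10"))
```

Run it against the origin's own IP address rather than the proxied hostname; otherwise it tests the certificate presented by the proxy, which is the one the browser sees.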

