I have seen that there is a tutorial here saying that Flexible SSL Mode shouldn’t be used because the connection from CF to origin server isn’t secured.
I then thought: why doesn’t the Flexible mode check the origin first if the secure connection could be made through port 443, then fallback to port 80 if the origin doesn’t respond? Because there are times that we have multiple subdomains and not all of them can be connected with https enabled for whatever reason, thus we need to set SSL mode to Flexible.
I know we can use Page Rules to force Full SSL mode for particular URLs but wouldn’t it be safer overall and easier that Cloudflare just check the origin first?
Also, the term “Flexible” is a bit misleading in my opinion. At first I think it means that connection from Cloudflare to origin can be made via both port 80 and 443 whichever is available but it turns out that there will be no secure connection to origin at all. Please correct me if I’m wrong.