What do the SSL options (Off, Flexible SSL, Full SSL, Full SSL Strict) mean?

The SSL options described below are indicated in order of how secure they off starting with the least secure (Off) and going to the most secure option (Full SSL Strict). 

Can't let CloudFlare manage your SSL keys? Please look at Keyless SSL.

Don't have SSL on your site at all right now? Please look at the free Universal SSL option.

How CloudFlare's Standard SSL works:

CloudFlare SSL Settings - Full, Flexible, Off

 

Less Secure options:

 

Off -- no SSL between the visitor and CloudFlare, and no SSL between CloudFlare and your web server  (all HTTP traffic)

     Visitor CloudFlare  Origin     

Flexible SSL -- SSL between the visitor and CloudFlare -- visitor sees HTTPS on your site, but no SSL between CloudFlare and your web server. You don't need to have an SSL cert on your web server, but your visitors will still see the site as being HTTPS enabled.

     Visitor CloudFlare  Origin    

NOTE: Flexible SSL is not recommended if you have any sensitive information on your website.  This option should only be used as a last resort if you are not able to setup SSL on your own web server. This option is far less secure than the Full SSL option indicated below.

 

Secure options:


Full SSL  --  SSL between the visitor and CloudFlare -- visitor sees HTTPS on your site, and SSL between CloudFlare and your web server. You'll need to have your own SSL cert or self-signed cert at the very least.

     Visitor CloudFlare  Origin    

Full SSL (Strict) -- SSL between the visitor and CloudFlare -- visitor sees HTTPS on your site, and SSL between CloudFlare and your web server. You'll need to have a valid SSL certificate installed on your web server. This certificate must be signed by a certificate authority, have an expiration date in the future, and respond for the request domain name (hostname). 

 

SSL NOT WORKING? 
If your SSL is not working, please review these common reasons and how to resolve them here: 

My SSL isn't working. Why not?

NOTE:  CloudFlare needs to be active on the root domain -- (example.com) OR on the WWW subdomain (www.example.com)  for the SSL to properly verify when you first add SSL support.

Have more questions? Submit a request

Comments

Article is closed for comments.