Understanding Opportunistic Encryption

Learn how Opportunistic Encryption allows clients to use traditionally insecure protocols over secure channels like TLS.


Similar to STARTTLS for SMTP, HTTP Opportunistic Encryption allows clients to access HTTP URIs over an encrypted TLS channel. HTTP Opportunistic Encryption also allows the use of TLS for other protocols. For instance, HTTP/2 requires TLS.

Opportunistic Encryption is not a replacement for HTTPS. Use HTTPS when both strong encryption and authentication are required. Opportunistic Encryption does not provide the same indications of security as HTTPS, such as the green lock icon in most browser address bars.

You do not need to configure your origin web server to support Opportunistic Encryption.

Enable Opportunistic Encryption by selecting On in the Opportunistic Encryption section of the Cloudflare SSL/TLS app.
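To confirm from the client side that a plain `http://` response advertises an encrypted alternative, the following added example (not Cloudflare's code) parses the `Alt-Svc` response header, which RFC 8164 (HTTP Opportunistic Security) uses for this signal. It is an assumption that your zone signals the feature this way; the function names and sample headers are constructed for illustration.

```python
import re

# One RFC 7838 alternative: protocol-id="host:port" then optional ;name=value parameters.
_ALT = re.compile(r'\s*([\w%.+-]+)="([^"]*)"((?:\s*;\s*[^,;]+)*)\s*(?:,|$)')
TLS_PROTOCOLS = {"h2", "h3"}   # ALPN ids that always run over TLS
DEFAULT_MAX_AGE = 86400        # RFC 7838: "ma" defaults to 24 hours

def parse_alt_svc(value):
    """Parse an Alt-Svc value; return [] for "clear" or a malformed header."""
    if value.strip().lower() == "clear":
        return []
    alternatives, pos = [], 0
    while pos < len(value):
        m = _ALT.match(value, pos)
        if not m:
            return []                      # malformed: ignore the whole header
        protocol, authority, params = m.groups()
        host, sep, port = authority.rpartition(":")
        if sep != ":" or not port.isdigit():
            return []
        max_age = DEFAULT_MAX_AGE
        for param in filter(None, (p.strip() for p in params.split(";"))):
            name, _, val = param.partition("=")
            val = val.strip().strip('"')
            if name.strip().lower() == "ma" and val.isdigit():
                max_age = int(val)
        # An empty host means "same host as the origin".
        alternatives.append({"protocol": protocol, "host": host,
                             "port": int(port), "max_age": max_age})
        pos = m.end()
    return alternatives

def opportunistic_tls_offers(url, headers):
    """TLS alternatives advertised on a response to a plain http:// request."""
    if not url.lower().startswith("http://"):
        return []                          # https:// is already authenticated HTTPS
    value = next((v for k, v in headers.items() if k.lower() == "alt-svc"), "")
    return [a for a in parse_alt_svc(value)
            if a["protocol"] in TLS_PROTOCOLS and a["max_age"] > 0]

# Constructed sample response headers (not captured from a real site).
SAMPLE_ON = {"Content-Type": "text/html", "Alt-Svc": 'h2=":443"; ma=60'}
SAMPLE_OFF = {"Content-Type": "text/html"}

if __name__ == "__main__":
    print(opportunistic_tls_offers("http://www.example.com/", SAMPLE_ON))
    print(opportunistic_tls_offers("http://www.example.com/", SAMPLE_OFF))
```

A non-empty result only shows that an encrypted alternative is offered for an `http://` URI; it does not indicate the authenticated HTTPS behaviour described above.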

