HomeStatusSupport

Cloudflare SSL Configuration: Flexible vs. Strict Mode

Cloudflare is a content delivery network that enhances the security and performance of websites. When setting up Cloudflare, you have the option to choose between Flexible SSL and Strict SSL. Understanding these options is crucial for selecting the best one for your website.

Cloudflare Flexible SSL

Flexible SSL allows non-secure websites (HTTP) to appear secure (HTTPS). Here’s how it works:

  • Connection Setup: Cloudflare establishes HTTPS connections with visitors, but communicates with your web server over HTTP.

  • No SSL Certificate Needed: You do not need to purchase an SSL certificate, and visitors will see the green padlock in their browsers.

Considerations

While Flexible SSL might seem appealing, it comes with significant drawbacks:

  • Partial Security: Visitors cannot verify if the site is fully secured, making it risky for entering sensitive information, such as credit card details.

  • Not Recommended: Cloudflare advises against using Flexible SSL, especially for websites that handle sensitive information.

Use Flexible SSL only if you cannot set up an SSL certificate on your server. It is not secure for sites with sensitive data.

Cloudflare SSL Strict Mode

Strict mode is intended for users with a valid SSL certificate. Here’s what you need to know:

  • Enhanced Security: When you set your encryption mode to Strict, Cloudflare encrypts traffic and checks the validity of your SSL certificate.

  • Secure Communication: This mode ensures that both the connection to your visitors and the connection to your server are secure.

Benefits

  • Fully Secure: Visitors will see HTTPS and a secure padlock, ensuring that sensitive information is protected.

  • Robust Protection: It prevents potential hijacking of connections by requiring valid certificates, enhancing overall security.

For the best security, always choose Strict mode, especially for applications that handle sensitive data.

Conclusion

  • Always Use Strict Mode: Given that obtaining an SSL certificate is now free (e.g., through Let's Encrypt), it’s advisable to implement Strict mode for optimal security.

  • Avoid Flexible SSL: Unless absolutely necessary, do not use Flexible SSL for any site that requires secure communication.

By prioritizing Strict mode, you enhance your website's security and build trust with your visitors.

PreviousHow to Use Cloudflare on Your DomainNextHow to Flush the Cloudflare Cache

Last updated

Was this helpful?