Cloudflare supports several encryption modes for SSL/TLS, each with different levels of security and compatibility. The best mode for you will depend on your specific needs and requirements. Here are some of the most commonly used encryption modes in Cloudflare:
- Full SSL: This mode encrypts traffic between the user and Cloudflare, as well as between Cloudflare and the origin server. However, it does not validate the origin server’s SSL certificate, which could potentially leave your website vulnerable to man-in-the-middle attacks.
- Full SSL (Strict): This mode encrypts traffic between the user and Cloudflare, as well as between Cloudflare and the origin server, and also requires a valid SSL certificate on the origin server. This provides the highest level of security, but may require additional configuration on the origin server.
- Flexible SSL: This mode encrypts traffic between the user and Cloudflare, but not between Cloudflare and the origin server. This is the easiest mode to set up, but provides the least amount of security.
- Off: This mode provides no encryption, and should only be used if your website does not handle sensitive information.
In general, we recommend using Full SSL (Strict) mode if possible, as it provides the highest level of security. However, you should also consider the impact on your website’s performance, as encryption can add some overhead.
