Cloudflare SSL ? How to work

The main difference between a free and paid CloudFlare Universal SSL account is that the free version will only work on modern browsers: it will not support Internet Explorer on Windows XP or Android pre-Ice Cream Sandwich. Site owners can, however, add a banner to their sites warning users that they are using an outdated browser.

 “CloudFlare’s paid plans have always and will always support both modern and legacy browsers,” the company said.

Sites that do not have SSL will default to CloudFlare’s Flexible SSL mode, “which means traffic from browsers to CloudFlare will be encrypted, but traffic from CloudFlare to a site’s origin server will not.” As a result, CloudFlare recommends a certificate on Web servers “so we can encrypt traffic to the origin.”

CloudFlare will publish a blog post later today with instructions on how to set that up. “Once you’ve installed a certificate on your Web server, you can enable the Full or Strict SSL modes which encrypt origin traffic and provide a higher level of security,” the company said.


Existing customers should be provisioned for Universal SSL within 24 hours, though anyone who signed up via a CloudFlare partner will have to wait a bit longer due a technical limitation. New customers will have to wait 24 hours for the free version; paying customers get it automatically.

“Having cutting-edge encryption may not seem important to a small blog, but it is critical to advancing the encrypted-by-default future of the Internet,” CloudFlare concluded. “Every byte, however seemingly mundane, that flows encrypted across the Internet makes it more difficult for those who wish to intercept, throttle, or censor the Web. In other words, ensuring your personal blog is available over HTTPS makes it more likely that a human rights organization or social media service or independent journalist will be accessible around the world.”