Cloudflare Free SSL/TLS
Encrypting as much web traffic as possible to prevent data theft and other tampering is a critical step toward building a safer, better Internet. We’re proud to be the first Internet performance and security company to offer SSL protection free of charge.
Want to learn more? View Plans & Pricing
SSL (Secure Socket Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This secure link ensures that all data transferred remains private. It’s also called TLS (Transport Layer Security). Millions of websites use SSL encryption everyday to secure connections and keep their customer’s data safe from monitoring and tampering.
Why Use SSL?
Every website on the Internet should be served over HTTPS. Here’s why:
Performance: Modern SSL can actually improve page load times.
Search Ranking Boost: Search engines favor HTTPS websites.
Security: Encrypting traffic with SSL ensures nobody can snoop on your users’ data.
Trust: By displaying a green lock in the browser’s address bar, SSL increases visitor’s trust.
Regulatory Compliance: SSL is a key component in PCI compliance.
HTTPS isn’t what it used to be. It’s faster, more secure, and used by more websites than ever before. SSL enables HTTP/2, which has the potential to make websites up to two times faster with no changes to existing codebases. Modern TLS also includes performance-oriented features like session resumption, OCSP stapling, and elliptic curve cryptography that uses smaller keys (resulting in a faster handshake). TLS 1.3 reduces latency even further and removes insecure features of TLS making HTTPS more secure and performant than any previous version of TLS and its non-secure counterpart, HTTP.
Cloudflare has even worked to improve the performance of OpenSSL. We implemented ChaCha20-Poly1305, a cipher suite that runs three times faster than AES-128-GCM on mobile devices. We care about performance.
Modes of Operation
Cloudflare SSL operates in different modes depending on the level of security required and the amount of configuration you’re willing to do. Traffic to the end user will always be encrypted, which means your website will always enjoy the benefits of HTTPS. However, traffic between Cloudflare and your origin server can be configured in a variety of ways.
Flexible SSL
Flexible SSL encrypts traffic from Cloudflare to end users of your website, but not from Cloudflare to your origin server. This is the easiest way to enable HTTPS because it doesn’t require installing an SSL certificate on your origin. While not as secure as the other options, Flexible SSL does protect your visitors from a large class of threats including public WiFi snooping and ad injection over HTTP.
Full SSL
Full SSL mode provides encryption from end users to Cloudflare and from Cloudflare to your origin server. This requires an SSL certificate on your origin server. In Full SSL mode, you have three options for certificates to install on your server: one issued by a Certificate Authority (Strict), one issued by Cloudflare (Origin CA), or a self signed certificate. It is recommended that you use a certificate obtained through Cloudflare Origin CA.
Origin CA
Origin CA uses a Cloudflare-issued SSL certificate instead of one issued by a Certificate Authority. This reduces much of the friction around configuring SSL on your origin server, while still securing traffic from your origin to Cloudflare. Instead of having your certificate signed by a CA, you can generate a signed certificate directly in the Cloudflare dashboard.
Cloudflare SSL operates in different modes depending on the level of security required and the amount of configuration you’re willing to do. Traffic to the end user will always be encrypted, which means your website will always enjoy the benefits of HTTPS. However, traffic between Cloudflare and your origin server can be configured in a variety of ways.
Setting Up Cloudflare Is Easy
Set up a domain in less than 5 minutes. Keep your hosting provider. No code changes required.
Trusted by millions of Internet properties
