Encryption modes
Your zone’s SSL/TLS Encryption Mode controls how Cloudflare manages two connections: one between your visitors and Cloudflare, and the other between Cloudflare and your origin server.
flowchart LR accTitle: SSL/TLS Encryption mode A[Browser] <--Connection 1--> B((Cloudflare))<--Connection 2--> C[(Origin server)]
If possible, Cloudflare strongly recommends using Full or Full (strict) modes to prevent malicious connections to your origin.
For more details on how encryption modes fit into the bigger picture of Cloudflare SSL/TLS protection, refer to Concepts.
To change your encryption mode in the dashboard:
- Log in to the Cloudflare dashboard and select your account and domain.
- Go to SSL/TLS.
- Choose an encryption mode.
To adjust your encryption mode with the API, send a PATCH
request with ssl
as the setting name in the URI path, and the value
parameter set to your desired setting (off
, flexible
, full
, strict
).