Skip to content

Encryption modes

Your zone’s SSL/TLS Encryption Mode controls how Cloudflare manages two connections: one between your visitors and Cloudflare, and the other between Cloudflare and your origin server.

flowchart LR
    accTitle: SSL/TLS Encryption mode
    A[Browser] <--Connection 1--> B((Cloudflare))<--Connection 2--> C[(Origin server)]

If possible, Cloudflare strongly recommends using Full or Full (strict) modes to prevent malicious connections to your origin.

For more details on how encryption modes fit into the bigger picture of Cloudflare SSL/TLS protection, refer to Concepts.

Available encryption modes

Update your encryption mode

To change your encryption mode in the dashboard:

  1. Log in to the Cloudflare dashboard and select your account and domain.
  2. Go to SSL/TLS.
  3. Choose an encryption mode.