Cloudflare Introduces Automatic SSL/TLS Mode, Allowing Users to Automatically Select Connection Mode to Origin Servers



Cloudflare, which provides services such as CDN and DDoS protection, has announced the introduction of an 'Automatic SSL/TLS mode' that automatically determines whether SSL and TLS are available for connections to origin servers.

Introducing Automatic SSL/TLS: securing and simplifying origin connectivity

https://blog.cloudflare.com/introducing-automatic-ssl-tls-securing-and-simplifying-origin-connectivity

Cloudflare acts as a reverse proxy between users and servers, and speeds up responses by handling requests from users around the world at the nearest edge server. If the requested data is cached at the edge server, it is returned from there; if it is not cached, the edge server requests it from the origin server, that is, the original server. This is the basic mechanism.



On the path between the user and Cloudflare, SSL/TLS could be used as long as Cloudflare prepared a server certificate. Encrypting the path between Cloudflare and the origin server with SSL/TLS, however, required configuration on the origin server side and could not be achieved through Cloudflare settings alone.



Starting August 8, 2024, the 'Automatic SSL/TLS' mode will be available to users who have set up the 'SSL/TLS Recommender', which notifies them when stronger SSL/TLS modes are available. With Automatic SSL/TLS, Cloudflare sends requests to the origin server using various SSL/TLS modes, compares the returned data to find the 'highest level of secure SSL/TLS mode that can be used', and automatically applies it.



You can also manually switch the SSL/TLS level by selecting Custom SSL/TLS.



Although you still need to install a server certificate on your origin server, Automatic SSL/TLS allows Cloudflare to validate the returned data, reducing the risk that a misconfiguration takes your site down when the SSL/TLS level is switched.
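The comparison described above can be sketched as follows. This is an added example, not Cloudflare's code: the mode labels stand for Cloudflare's Flexible, Full and Full (strict) modes (not named in this article), and the similarity threshold, the function names and the three sample origins are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from typing import Callable, NamedTuple

class Probe(NamedTuple):
    ok: bool      # connection (and certificate check, if the mode needs one) succeeded
    status: int   # HTTP status returned by the origin
    body: bytes   # response body returned by the origin

# Encryption modes toward the origin, weakest first (labels are illustrative).
MODES = ["flexible", "full", "full_strict"]
SIMILARITY = 0.9  # assumed threshold; tolerates small dynamic differences

def same_site(a: Probe, b: Probe) -> bool:
    """True when two probes look like the same page from the same site."""
    if not (a.ok and b.ok) or a.status != b.status:
        return False
    return SequenceMatcher(None, a.body, b.body).ratio() >= SIMILARITY

def highest_safe_mode(current: str, probe: Callable[[str], Probe]) -> str:
    """Return the strongest mode whose response matches the current mode's."""
    baseline = probe(current)
    best = current
    for mode in MODES[MODES.index(current) + 1:]:
        if same_site(baseline, probe(mode)):
            best = mode
    return best

# Constructed origins: what a probe in each mode would get back.
PAGE = b"<html><body>Shop front, build 1842</body></html>"
ORIGINS = {
    # Publicly trusted certificate, same site on both ports.
    "valid_cert": {m: Probe(True, 200, PAGE) for m in MODES},
    # TLS works, but the certificate fails validation.
    "self_signed": {"flexible": Probe(True, 200, PAGE),
                    "full": Probe(True, 200, PAGE),
                    "full_strict": Probe(False, 0, b"")},
    # Port 443 answers, but with a different virtual host's page.
    "wrong_vhost_on_443": {"flexible": Probe(True, 200, PAGE),
                           "full": Probe(True, 200, b"<html>Default server page</html>"),
                           "full_strict": Probe(False, 0, b"")},
}

def evaluate(origin: str, current: str = "flexible") -> str:
    return highest_safe_mode(current, ORIGINS[origin].__getitem__)

if __name__ == "__main__":
    for name in ORIGINS:
        print(name, "->", evaluate(name))
```

The third origin is the case the comparison exists for: the TLS port responds, but switching modes would serve the wrong site, so the mode is left unchanged.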



After August 8, 2024, Automatic SSL/TLS will be selected by default if SSL/TLS Recommender is enabled. However, the SSL/TLS mode will not be automatically switched immediately, and the first scan will start on September 9, 2024. If you want to disable Automatic SSL/TLS while keeping SSL/TLS Recommender enabled, you will need to change the setting before the first scan.

Even if you don't have SSL/TLS Recommender enabled, Free and Pro plan users will begin migrating to Automatic SSL/TLS on September 16, 2024. After lower plan users have been successfully migrated, Business and Enterprise plan users will also be migrated.

in Web Service, Posted by log1d_ts