# CloudFlare enables SSL on all domains for free



## Leyton (Sep 29, 2014)

CloudFlare has just launched its "Universal SSL" initiative, which enables wildcard SSL on all domains using the CloudFlare reverse proxy.

Blog post: https://blog.cloudflare.com/introducing-universal-ssl/

I'm not a fan of their "Flexible SSL" option, but I understand they'll be opening up the "Strict" options to free users as well, which makes things a little better.


----------



## Epidrive (Sep 29, 2014)

This day marks the end of all Non-audited SSL vendors


----------



## AMDbuilder (Sep 29, 2014)

Not necessarily, you still need to have an SSL certificate on the origin server or that traffic will be sent via http.  Unless I misread their post early today.


----------



## Leyton (Sep 29, 2014)

AMDbuilder said:


> Not necessarily, you still need to have an SSL certificate on the origin server or that traffic will be sent via http.  Unless I misread their post early today.


As I understand it, the Flexible SSL option (default, and enabled for all accounts), works like this:


If the origin server has no SSL: CloudFlare presents HTTPS to the user, and serves from HTTP on origin.
Eg: User -> CloudFlare (HTTPS) -> Origin (HTTP)

If the origin presents a self signed SSL: CloudFlare ignores any warnings, and tries to serve HTTPS all the way through.
Eg: User -> CloudFlare (HTTPS) -> Origin (HTTPS)

If the origin presents a valid signed cert: CloudFlare serves as above.
Eg: User -> CloudFlare (HTTPS) -> Origin (HTTPS)


This behaviour only changes if you switch from the flexible option to one of the SSL-only options.


----------



## howardsl2 (Sep 30, 2014)

"When using Flexible SSL with Cloudflare, your origin server will *always* accept requests over HTTP (port 80)", Quoted from CF Knowledge base.


----------

