CloudFlare enables SSL on all domains for free

[Leyton]

CloudFlare has just launched its "Universal SSL" initiative, which enables wildcard SSL on all domains using the CloudFlare reverse proxy.

Blog post: https://blog.cloudflare.com/introducing-universal-ssl/

I'm not a fan of their "Flexible SSL" option, but I understand they'll be opening up the "Strict" options to free users as well, which makes things a little better.

 

[Epidrive]

This day marks the end of all Non-audited SSL vendors

 

[AMDbuilder]

Not necessarily, you still need to have an SSL certificate on the origin server or that traffic will be sent via http.  Unless I misread their post early today.

 

[Leyton]

Not necessarily, you still need to have an SSL certificate on the origin server or that traffic will be sent via http.  Unless I misread their post early today.

As I understand it, the Flexible SSL option (default, and enabled for all accounts), works like this:

• If the origin server has no SSL: CloudFlare presents HTTPS to the user, and serves from HTTP on origin.
  Eg: User -> CloudFlare (HTTPS) -> Origin (HTTP)
  
• If the origin presents a self signed SSL: CloudFlare ignores any warnings, and tries to serve HTTPS all the way through.
  Eg: User -> CloudFlare (HTTPS) -> Origin (HTTPS)
  
• If the origin presents a valid signed cert: CloudFlare serves as above.
  Eg: User -> CloudFlare (HTTPS) -> Origin (HTTPS)
  

This behaviour only changes if you switch from the flexible option to one of the SSL-only options.

 

[howardsl2]

"When using Flexible SSL with Cloudflare, your origin server will *always* accept requests over HTTP (port 80)", Quoted from CF Knowledge base.