top | item 8149620

(no title)

user3 | 11 years ago

Most of the websites wont encrypt the link from Cloudflare to the server, ultimately defeating the purpose of SSL aside from a better search ranking.

discuss

igul222|11 years ago

It's not a problem if those connections use self-signed certificates, right? If that's the case, then setting up SSL from CloudFlare to your servers should be pretty easy.

agwa|11 years ago

It would be free, but not necessarily easy, as it would still entail configuring your web server to use SSL, and that might not even be an option if you're using shared hosting.

(Aside: self signed certs don't protect the connection from active attacks unless CloudFlare pins the cert. I'm mainly concerned with passive eavesdropping though.)

guyht|11 years ago

Could you elaborate on this. My impression was that connections between data centres (e.g. in the case of using an EC2 instance with Cloudflare) were already very secure and therefore do not require SSL.

eli|11 years ago

Depends what you're trying to protect against. Those links are notably very insecure against the NSA.

mmohebbi|11 years ago

Agree with others that it depends on what you are trying to protect against. It's also worth reading through the options that Cloudflare supports for origin server communication:

http://blog.cloudflare.com/introducing-strict-ssl-protecting...

ihsw|11 years ago

What's the difference between this and using AWS ELB for HTTPS termination?

simpleigh|11 years ago

Communication from CloudFlare to your server is over the open Internet, whereas that from an ELB to an EC2 instance is within Amazon's datacentre.