March 8, 2016

Ensuring Cloudflare SSL / TLS is secure

You may have seen some articles online discussing whether it's secure. Scott Helme wrote a really good article. Here is an easy-to-follow method to ensure it's as secure as possible. We will go through each one, but in summary:

When you use SSL / TLS in strict mode, you require a valid certificate between the server and Cloudflare. There are a number of free certificate authorities, including Let's Encrypt and StartCom.

strict ssl

For times when you need full SSL / TLS support, use Strict Transport Security.

Strict Transport Security

If you have a business plan, it's worth turning on the PCI-compliant TLS 1.2 ciphers.

Finally, use TLS origin authentication. In simple terms, this works by Cloudflare presenting a certificate to the back-end server, which the server then validates. This prevents attackers from sidestepping the Cloudflare protection by connecting to the server directly.

TLS origin

Before you turn it on, you need to set up your web server so it will work. There is a very simple guide on setting it up using Nginx here:

https://support.cloudflare.com/hc/en-us/articles/204494148-Setting-up-NGINX-to-use-TLS-Authenticated-Origin-Pulls
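
As an added illustration (not taken from this post or from Cloudflare's guide), here is how the origin side of strict mode and TLS origin authentication can look in an Nginx server block. The server name and all file paths are placeholders, and the Cloudflare origin-pull CA certificate is assumed to have been downloaded from Cloudflare and saved at the path shown.

```nginx
# Origin server block for a site proxied through Cloudflare.
# example.com and every file path below are placeholders (assumptions).
server {
    listen 443 ssl;
    server_name example.com;

    # Certificate the origin presents to Cloudflare.
    # Strict mode only works if this certificate is valid.
    ssl_certificate     /etc/nginx/tls/example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/example.com.key;

    # CA certificate used to validate the client certificate that
    # Cloudflare presents when it pulls from the origin.
    ssl_client_certificate /etc/nginx/tls/cloudflare-origin-pull-ca.pem;

    # Weak (the Nginx default): no client certificate is requested, so
    # anyone who reaches the origin directly is served without
    # passing through Cloudflare.
    # ssl_verify_client off;

    # Hardened: the TLS client must present a certificate that chains
    # to the CA above, otherwise Nginx answers with a 400 error.
    ssl_verify_client on;

    location / {
        root /var/www/example.com;
    }
}
```

After reloading Nginx, a request sent straight to the origin without a client certificate should be rejected with a 400 response, while requests through Cloudflare continue to work once the feature is enabled there.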
