SSL and Encryption
SSL/TLS is the encryption layer that protects data in transit between your visitors, the Cloudflare edge, and your origin server. Cloudflare provides free SSL for every domain, making HTTPS accessible without managing certificates yourself.
Why This Matters
Without HTTPS, data between your users and your server is sent in plain text — visible to anyone on the network. Cloudflare makes HTTPS automatic and free.
How Cloudflare SSL Works
Cloudflare sits between your visitors and your origin server, handling two separate encrypted connections:
flowchart LR
USER["Visitor\n(Browser)"] -->|"1. HTTPS\n(Cloudflare cert)"| EDGE["Cloudflare Edge"]
EDGE -->|"2. HTTPS\n(Origin cert)"| ORIGIN["Your Origin\nServer"]
style EDGE fill:#f6821f,color:#fff,stroke:#e5711e
style USER fill:#2563eb,color:#fff,stroke:#1e40af
style ORIGIN fill:#6b7280,color:#fff,stroke:#4b5563
| Connection | Certificate | Managed By |
|---|---|---|
| Visitor ↔ Cloudflare Edge | Universal SSL (free, auto-issued) | Cloudflare |
| Cloudflare Edge ↔ Origin | Origin certificate or Let's Encrypt | You (or Cloudflare Origin CA) |
What You Will Learn
| Lesson | What It Covers |
|---|---|
| SSL/TLS and Universal SSL | Encryption modes, Universal SSL, and certificate management |
| Post-Quantum Cryptography | Quantum-resistant encryption on Cloudflare's network |
Prerequisites
- Domain added to Cloudflare with proxied DNS records (Module 1)