Reference
For more on Cloudflare SSL/TLS, refer to these articles:
- Cipher suites: Consider information about supported cipher suites, how to meet your security requirements, and how to troubleshoot compatibility and other issues.
- TLS protocols: Cloudflare supports a variety of TLS protocols, ranging from TLS 1.0 to TLS 1.3.
- Certificate and hostname priority: Learn about how Cloudflare decides which certificate (and the associated SSL/TLS settings) apply to individual hostnames.
- Certificate authorities: Learn more about the certificate authorities Cloudflare uses to issue Universal, Advanced, or SSL for SaaS certificates.
- Browser compatibility: Review information about browser compatibility for the different Cloudflare SSL offerings.
- Migration guides: These guides walk you through the migration processes associated with various changes in Cloudflare’s SSL/TLS infrastructure.
- Certificate pinning: Learn why Cloudflare does not support HTTP public key pinning (HPKP) and consider an alternative solution to prevent certificate misissuance.
- Certificate statuses: Certificates statuses show which stage of the issuance process each certificate is in.
- Validation backoff schedule: Consider what happens if a domain control validation (DCV) fails and what schedule Cloudflare follows for new attempts and backoff.
- Validation options: All certificates issued by Cloudflare - Universal, Advanced, and Custom Hostname - are Domain Validated (DV) certificates.
- Validity periods: Review information about available validity periods for your Cloudflare Advanced Certificates.