Cloudflare's TLS modes explained:
1. Close: Visitors and CF go HTTP, CF also goes HTTP (but visitors still can access to CF via HTTPS after that, and CF will use the redirection command 301 or 302 directly to HTTP. Redirecting sends directly to the visitor, 302 is okay, but if CF sends a redirection command like 301, it's really bad for the visitor. The command gets offline forever in the browser server side.)2. Flexible: Visitors can access CF via HTTP or HTTPS, CF always goes via HTTP when accessing the source station.
3. Complete: When visitors access CF via HTTP, CF also accesses via HTTP, and when they access via HTTPS, CF also accesses via HTTPS (though it won't validate whether the source station certificate is authoritative and credible).
4. Complete (Strict): When visitors access CF via HTTP, CF also accesses via HTTP, and when they access via HTTPS, CF also accesses via HTTPS (and it will validate whether the source station certificate is authoritative and credible, even though the CF itself signed one-year certificate is not authoritative and credible on the public network, but CF trusts it).
5. Strict: Regardless of which visitors access via HTTP or HTTPS, CF will access via HTTPS (and validating whether the source station certificate is credible).
页:
[1]