[agwa]

> We're on track to roll out SSL for all CloudFlare customers by mid-October. When we do, the number of sites that support HTTPS on the Internet will more than double

To be secure, won't this require your customers to set up HTTPS between CloudFlare and their hosting providers, which will require additional manual setup with their hosting provider, assuming they even support HTTPS? It seems rather optimistic to assume that enough customers can/will do this to result in a doubling of sites supporting HTTPS on the Internet.

[corobo]

You can use a self signed cert between CloudFlare and your server by the looks of it. The optimistic point though I agree on. Hopefully there's some way of telling if your traffic from CF to origin is secure.

Wouldn't want the next big community to be fake-secure to save a few quid

Source: https://support.cloudflare.com/hc/en-us/articles/200170416-W...

[agwa]

Thanks for the link. I'm really surprised by the presence of the "flexible" option since it provides little more than a facade of security. (A self-signed cert is also insecure, though less so, unless there's some way to pin it on the CloudFlare side.)