Cloudflare SSL/TLS Encryption Modes
If you use Cloudflare as your DNS provider or CDN, it is critical to understand the different SSL modes and choose the correct one. Using the wrong mode can cause redirect loops, security vulnerabilities, or broken sites.
The Four SSL Modes
1. Off (Not Secure)
No encryption between visitors and Cloudflare, or between Cloudflare and your server. Never use this. Your site will only be accessible over HTTP.
2. Flexible
Encrypts traffic between visitors and Cloudflare, but traffic between Cloudflare and your SillyHost server is not encrypted (HTTP). This is better than nothing but is not recommended because your data is exposed between Cloudflare and your server.
- Can cause infinite redirect loops if your server also tries to force HTTPS.
- Gives a false sense of security — data is unencrypted for part of its journey.
3. Full
Encrypts traffic between visitors and Cloudflare, and between Cloudflare and your server. However, Cloudflare does not verify the authenticity of your server's SSL certificate. This means a self-signed or expired certificate will be accepted.
4. Full (Strict) — Recommended
Encrypts all traffic and verifies that your server has a valid, trusted SSL certificate. This is the most secure option and is what we recommend for all SillyHost customers.
- Since SillyHost provides free AutoSSL certificates, your server already has a valid certificate installed.
- Full (Strict) ensures traffic is encrypted on both legs of the connection (visitor to Cloudflare, and Cloudflare to your server) with proper certificate verification.
How to Set Your SSL Mode
- Log in to your Cloudflare dashboard.
- Select your domain.
- Go to SSL/TLS from the left sidebar.
- Under Overview, select Full (Strict).
Fixing Redirect Loops
If your site is stuck in a redirect loop after enabling Cloudflare, the most common cause is using Flexible SSL mode while your server also forces HTTPS. The fix is to switch to Full (Strict) mode. If you need to use Flexible temporarily, remove any HTTPS redirect rules from your .htaccess file.
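The loop described above, modelled as an added example (not SillyHost or Cloudflare code). It assumes a simplified edge in which Flexible always contacts the origin over HTTP while Full and Full (Strict) reuse the visitor's scheme; `example.test`, `origin`, `edge` and `visit` are hypothetical names.

```python
from urllib.parse import urlsplit

HOST = "example.test"  # constructed hostname, not from the article

def origin(scheme, path, force_https):
    """Origin web server. With an .htaccess-style HTTPS redirect enabled,
    any request that arrives over plain HTTP gets a 301 to the HTTPS URL."""
    if force_https and scheme == "http":
        return 301, f"https://{HOST}{path}"
    return 200, None

def edge(url, mode, force_https):
    """Simplified Cloudflare edge (assumption): Flexible always contacts the
    origin over HTTP; Full and Full (Strict) reuse the visitor's scheme."""
    parts = urlsplit(url)
    origin_scheme = "http" if mode == "flexible" else parts.scheme
    return origin(origin_scheme, parts.path or "/", force_https)

def visit(url, mode, force_https, max_hops=10):
    """Follow redirects like a browser; return (outcome, urls_requested)."""
    chain = []
    while len(chain) < max_hops:
        if url in chain:            # same URL requested twice: a loop
            return "loop", chain
        chain.append(url)
        status, location = edge(url, mode, force_https)
        if status == 200:
            return "ok", chain
        url = location
    return "too_many_redirects", chain

if __name__ == "__main__":
    for mode in ("flexible", "strict"):
        for force in (True, False):
            outcome, chain = visit(f"https://{HOST}/", mode, force)
            print(f"{mode:8} origin_forces_https={force!s:5} -> {outcome} {chain}")
```

In Flexible mode the origin only ever sees HTTP, so its redirect sends the visitor back to the HTTPS URL they already requested. That self-redirect is the signature to look for when diagnosing the loop.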
Additional Cloudflare SSL Settings
- Always Use HTTPS: Redirects all HTTP requests to HTTPS at Cloudflare's edge.
- Automatic HTTPS Rewrites: Fixes mixed content by rewriting HTTP URLs to HTTPS.
- Minimum TLS Version: Set to TLS 1.2 for a good balance of security and compatibility.