SSL Full Mode
Learning Focus
By the end of this lesson you will understand what Full SSL mode does and when to use it over Full (Strict).
What Full Mode Means
In Full mode, Cloudflare encrypts both legs of the connection (browser ↔ Cloudflare, Cloudflare ↔ origin), but does not validate the origin certificate. Self-signed certificates are accepted.
When to Use Full (Not Strict)
| Scenario | Use Full? |
|---|---|
| Testing with a self-signed cert | ✅ Temporarily |
| Cannot get a proper certificate yet | ✅ Short term only |
| Production deployment | ❌ Use Full (Strict) instead |
Risks
- Cloudflare accepts any certificate from your origin — even an attacker's
- Vulnerable to man-in-the-middle attacks between Cloudflare and origin
- Not recommended for production
warning
Full mode is better than Flexible (unencrypted), but Full (Strict) should be your production target.
Key Takeaways
- Full mode encrypts Cloudflare ↔ origin but does not validate the certificate.
- Use it only as a stepping stone while setting up proper certificates.
- Upgrade to Full (Strict) as soon as you have a valid certificate.
What's Next
- Continue to Full (Strict) for the recommended production configuration.