The modes listed below control the scheme (
https://) that Cloudflare uses to connect to your origin web server and how SSL certificates presented by your origin will be validated.
If possible, Cloudflare strongly recommends using Full or Full (strict) modes to prevent malicious connections to your origin.
For more details about how your encryption mode fits into the bigger picture of SSL/TLS protection, refer to Get started.
Available encryption modes
Update your encryption mode
To change your encryption mode in the dashboard:
- Log in to the Cloudflare dashboard and select your account and domain.
- Go to SSL/TLS.
- Choose an encryption mode.
To adjust your encryption mode with the API, send a
PATCH request with the
value parameter set to your desired setting (
Your available values depend on your zone’s plan level.
If you are experiencing
ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors, refer to this community thread.