Full - SSL/TLS encryption modes
When you set your encryption mode to Full, Cloudflare allows HTTPS connections between your visitor and Cloudflare and makes connections to the origin using the scheme requested by the visitor. If your visitor uses
http, then Cloudflare connects to the origin using plaintext HTTP and vice versa.
Choose Full mode when your origin can support an SSL certification, but — for various reasons — it cannot support a valid, publicly trusted certificate.
Before enabling Full mode, make sure your origin allows HTTPS connections on port 443 and presents a certificate (self-signed, , or purchased from a Certificate Authority). Otherwise, your visitors may experience a .Depending on your origin configuration, you may have to adjust settings to avoid or .
To change your encryption mode in the dashboard:
The certificate presented by the origin will not be validated in any way. It can be expired, self-signed, or not even have a matching CN/SAN entry for the hostname requested.