Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?

  • Mailstorm@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’m either reading this wrong or there’s a disconnect in knowledge. If you have your own SSL cert and do the termination of that on your end, CF cannot do any MITM without an error on the user’s end.

    However, if your just setting up an a record or whatever to your server that isn’t doing ssl termination, then yes they are mitm

    • Darkassassin07@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Cloudflares Web Application Firewall or ‘WAF’ is a reverse proxy that sits in front of your server issuing it’s own certs valid for your domain (cloudflare is a CA, and has control over your DNS to get others to issue certs for them). They then provide caching alongside DDOS protection, geoblocking, various customizable firewall settings, as well as just masking your servers ip with their own. This is their primary service aside from just basic DNS/registrar services.