Bobcares

Cloudflare SSL Termination: Explained

by | Aug 2, 2022

Cloudflare SSL termination allows the user to improve the speed and accuracy of their websites to a huge extent. Bobcares can give you a complete note on Cloudflare SSL Termination and can answer all questions no matter the size, as part of our Server Management Services.

Interested in learning more? Continue reading and contact us if you have any additional questions.

SSL Termination

Since SSL is only negotiated at the edge, terminating SSL at the Cloudflare level and sending HTTP-only traffic from Cloudflare to origin improves performance.

It is common to be unsure whether to disable the Let’s Encrypt certificate on the origin in order to use the “flexible certificate” offered by Cloudflare. Doing so can save money by avoiding expensive roundtrips between the edge and the origin. It is not so much a CPU (origin machine) issue; it is more about the difference in speed between the edge and the origin. The topics below give a clearer picture of this.

SSL termination and HTTP/2 to increase speed

Cloudflare not only provides SSL termination but also HTTP/2 in tandem with SSL. This is what causes the speed increase, especially if the user can cache the majority of their site’s content (static files, image files, etc.). HTTP/2 enhances the HTTP protocol in a variety of ways.

As a result, if a user can upgrade the webserver to handle HTTPS+HTTP/2, this will be the key enhancement that will aid any performance boost. If the user is unable to support HTTP/2, the next choice is Cloudflare SSL termination with HTTP/2 support.

And if the user is willing/capable of running both, Cloudflare HTTPS+HTTP/2 termination and HTTPS+HTTP/2 between them and the origin, the site will be exceptionally fast and responsive.

TLS negotiation

TLS negotiation is still a series of packets exchanged before the first byte of actual data is delivered, so bringing it closer to the user speeds up session establishment. All else being equal, the less physical distance the packets have to travel, the faster it will be.

For connections from the CDN to the origin, Cloudflare should reuse the same few sessions (from each PoP) so that it does not have to re-establish them on the client’s behalf. Cloudflare’s “Railgun” WAN accelerator makes terminating TLS on the CDN even more advantageous.

However, think twice before removing Let’s Encrypt from the origin in favor of Cloudflare SSL termination. Encrypting traffic between Cloudflare and the local web server has no effect on performance.

Static content: things to note

Reducing security just to remove an SSL handshake in cold-cache cases is not advised. With sufficient cache-control headers, this content will be cached for a period of time.

Avoid any micro-optimization that seeks to disable encryption between the edge and origin. Such a change turns off encryption for dynamic content only to save a few RTTs. Cloudflare can already optimize this significantly by keeping a connection to the origin open for an extended amount of time, which avoids repeated SSL handshakes, lets the congestion window grow, and so on.
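An origin configuration that keeps the Let’s Encrypt certificate in place and relies on session and connection reuse to absorb the handshake cost, shown as an added example that is not from the original article. nginx as the origin web server, the host name example.com, the document root and the certbot default certificate paths are assumptions.

```nginx
# Added example; nginx, example.com, /var/www/example and the certbot
# certificate paths are assumptions, not values from the article.

# Weak: the origin listens on plain HTTP only, so traffic between the
# Cloudflare edge and the origin crosses the Internet unencrypted.
# server {
#     listen 80;
#     server_name example.com;
#     root /var/www/example;
# }

# Corrected: keep the Let's Encrypt certificate on the origin.
server {
    listen 443 ssl;
    http2 on;            # nginx >= 1.25.1; older versions: "listen 443 ssl http2;"
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Let the edge resume TLS sessions instead of repeating full handshakes.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1h;

    # Keep edge connections open so one handshake serves many requests.
    keepalive_timeout   75s;
    keepalive_requests  1000;

    root /var/www/example;

    # Static files: cache-control headers so the edge can serve them from cache.
    location ~* \.(css|js|png|jpg|svg|woff2)$ {
        add_header Cache-Control "public, max-age=86400";
    }
}

# Plain HTTP only redirects; no content is served unencrypted.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
```

This pairs with Cloudflare's Full or Full (strict) SSL mode; under Flexible mode the edge connects over port 80 and the redirect above would loop.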

Conclusion

To conclude, with Cloudflare SSL termination, SSL is negotiated only at the edge, so terminating SSL at the Cloudflare level and sending HTTP-only traffic from Cloudflare to your origin will improve performance.
