HTTPS protects data in transit. Cloudflare terminates TLS at the edge with Universal SSL and supports modern ciphers, HTTP/2, and HTTP/3.
Chip Architect Note: TLS performance on CPUs benefits from AES-NI/VAES and SHA extensions. Smaller certificate chains and OCSP stapling reduce handshake latency; HTTP/3 shifts work toward UDP stacks.
TLS handshake (simplified)
- ClientHello: supported versions/ciphers and SNI.
- ServerHello: chosen cipher; server certificate; key exchange.
- Finished: keys established; encrypted traffic begins.
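The ClientHello is sent before any keys exist, so the fields listed above travel in cleartext. The following added example (not part of the original notes) uses Python's standard `ssl` module to generate a real ClientHello in memory, with no network traffic, and parses out the SNI, offered cipher suites and supported versions. The hostname `shop.example.com` and the function names are constructed for illustration.

```python
import ssl
import struct

def make_client_hello(hostname):
    """Produce a real ClientHello record offline using in-memory BIOs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for a ServerHello
    return outgoing.read()

def parse_client_hello(record):
    """Return the cleartext ClientHello fields: SNI, ciphers, versions."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, legacy_version, random
    pos += 1 + record[pos]          # skip session_id
    (n,) = struct.unpack_from("!H", record, pos)
    ciphers = list(struct.unpack_from("!%dH" % (n // 2), record, pos + 2))
    pos += 2 + n
    pos += 1 + record[pos]          # skip compression methods
    (ext_len_total,) = struct.unpack_from("!H", record, pos)
    pos += 2
    ext_end = pos + ext_len_total
    sni, versions = None, []
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        body = record[pos + 4 : pos + 4 + ext_len]
        if ext_type == 0x0000:      # server_name: list_len(2) type(1) name_len(2) name
            (name_len,) = struct.unpack_from("!H", body, 3)
            sni = body[5 : 5 + name_len].decode("ascii")
        elif ext_type == 0x002B:    # supported_versions: len(1) then 2-byte versions
            versions = list(struct.unpack_from("!%dH" % (body[0] // 2), body, 1))
        pos += 4 + ext_len
    return {"sni": sni, "ciphers": ciphers, "versions": versions}

if __name__ == "__main__":
    # Constructed sample hostname; nothing is sent over the network.
    print(parse_client_hello(make_client_hello("shop.example.com")))
```

The cipher and version lists depend on the local OpenSSL build, so they differ between machines; the SNI always matches the hostname passed in.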
Certificates
- Universal SSL: Automatic certs for your domains.
- Origin certificates: Secure the connection to your origin over TLS, even when the certificate comes from a private CA.
- HSTS: Enforce HTTPS in browsers.