Opportunistic Encryption
Opportunistic Encryption allows browsers to access HTTP URIs over an encrypted TLS channel. It’s not a substitute for HTTPS, but provides additional security for otherwise vulnerable requests.
Use HTTPS when both strong encryption and authentication are required. HTTP Opportunistic Encryption provides a means of enabling TLS when needed for other protocols such as HTTP/2. It does not provide the same indications of security as HTTPS (the green lock icon in most browser address bars).
| Free | Pro | Business | Enterprise | |
|---|---|---|---|---|
Availability | Yes | Yes | Yes | Yes |
You do not need to configure your origin web server to support Opportunistic Encryption. All it requires is updating your settings in the Cloudflare dashboard.
To enable Opportunistic Encryption in the dashboard:
- Log in to your Cloudflare account ↗ and go to a specific domain.
- Go to SSL/TLS > Edge Certificates.
- For Opportunistic Encryption, switch the toggle to On.
To adjust your Opportunistic Encryption settings with the API, send a PATCH request with opportunistic_encryption as the setting name in the URI path, and specify the value parameter with your desired setting ("on" or "off").