How to get an A+ Rating with Cloudflare SSL

SSL certificates provide safe access to websites and other services. As the SSL technology has evolved, new standards have been introduced to increase the security. Modern clients support the new standards, but some providers still setup their certificates with support for older clients also.

SSL/TLS version 1.3 is the most recent standard, but we recommend supporting TLS version 1.2 and above. SSL certificates with support for lower TLS version may experience issues with external services, API connections and such.

To check the quality of an SSL certificate, we recommend using the SSL Server Test by Qualys, also just called SSL Labs. This test analyzes the setup, with version check and more, to provide a rating from A+ to F.

When using Cloudflare‘s SSL, the default certificate setup support SSL/TLS version 1.0 and above. This currently gives a B rating in the SSL Server test.

Cloudflare SSL test, B rating

Time needed: 5 minutes

Here is how to get an A+ rating with Cloudflare SSL.

  1. Login to the Cloudflare dashboard and setup SSL/TLS

    Login to the Cloudflare dashboard, click the “SSL/TLS” option and the “Edge Certificates” tab.

  2. Activate HTTP Strict Transport Security

    In the “HTTP Strict Transport Security (HSTS)” section, click the “Enable HSTS” button. Read the information displayed and confirm that you understand it in the bottom of the pop-up window. Click the “Next” button and then select to “Enable HSTS” and set the “Max Age Header” to 6 months. The other options aren’t necessary, so simply click the “Save” button below.

  3. Set TLS 1.2 as minimum version

    In the “Minimum TLS Version” section, select “TLS 1.2”.

Test again

Now run a new test in SSL Server Test, using the “Clear cache” link, and you will get an A+ rating.

More reading

If you read this article, but you haven’t connected your site to Cloudflare, do check out our guide on how to set up WordPress site with Cloudflare.