SSL certificates provide safe access to websites and other services. As the SSL technology has evolved, new standards have been introduced to increase the security. Modern clients support the new standards, but some providers still setup their certificates with support for older clients also.
SSL/TLS version 1.3 is the most recent standard, but we recommend supporting TLS version 1.2 and above. SSL certificates with support for lower TLS version may experience issues with external services, API connections and such.
To check the quality of an SSL certificate, we recommend using the SSL Server Test by Qualys, also just called SSL Labs. This test analyzes the setup, with version check and more, to provide a rating from A+ to F.
When using Cloudflare‘s SSL, the default certificate setup support SSL/TLS version 1.0 and above. This currently gives a B rating in the SSL Server test.
Time needed: 5 minutes
Here is how to get an A+ rating with Cloudflare SSL.
- Login to the Cloudflare dashboard and setup SSL/TLS
Login to the Cloudflare dashboard, click the “SSL/TLS” option and the “Edge Certificates” tab.
- Activate HTTP Strict Transport Security
In the “HTTP Strict Transport Security (HSTS)” section, click the “Enable HSTS” button. Read the information displayed and confirm that you understand it in the bottom of the pop-up window. Click the “Next” button and then select to “Enable HSTS” and set the “Max Age Header” to 6 months. The other options aren’t necessary, so simply click the “Save” button below.
- Set TLS 1.2 as minimum version
In the “Minimum TLS Version” section, select “TLS 1.2”.
Test again
Now run a new test in SSL Server Test, using the “Clear cache” link, and you will get an A+ rating.
More reading
If you read this article, but you haven’t connected your site to Cloudflare, do check out our guide on how to set up WordPress site with Cloudflare.
