Support for Cloudflare's Universal SSL


#1

Even though Cloudflare now supports SSL (SNI/ECDSA only) on free accounts with their Universal SSL program (https://blog.cloudflare.com/introducing-universal-ssl/), DreamHost’s panel still requires a paid account, limiting CloudFlare users to the less secure “Flexible SSL” option. It should be a simple change that could significantly improve security.


#2

Are you entirely convinced that an extraneous 3rd party should even be considered secure?

If they offer “less secure” options then they are implicitly insecure.


#3

While I’d be reluctant to use it with credit card data, it seems to do the same as some other CDNs, but I agree that their “Flexible SSL” ideally shouldn’t be available since it makes user think that it’s a secure connection when it’s plain HTTP between your server and theirs.


#4

Guys, I made a tutorial about setting a solid SSL (full SSL) using DreamHost and CloudFlare’s free plan. Have a look, it’ll solve your issue.
Enjoy, and your comments are much appreciated :slight_smile:
[hr]


#5

DreamHost only require a paid plan because their implementation was based on before CloudFlare introduced free SSL (long before). CloudFlare’s partner program does allow hosts to integrate the free SSL into their control panel so DreamHost just need to get around to doing it.

With regards to hekmat’s suggestion, I would advise anyone who isn’t technically knowledgeable to proceed with caution. DreamHost’s shared IP’s can change at any time although it’s rare.

For the best compatibility with CloudFlare’s SSL, it’s best to enable secured hosting using a self-signed certificate (free) in your Panel and then set CloudFlare to use the “Full” SSL. If you use WordPress this will save you a lot of hassle in the long-run.


#6

Thank you for the clarification. One is to wonder why DreamHost is being “lazy” about making the free cloudflare SSL available already…
As for the technique I explained in my link earlier, you’re totally correct about the IP change issue but I contacted DreamHost support and theoretically they WILL warn the user by Email before doing it… So basically you’d be warned and jut have to go change a few values, but thanks for the detail.