Introducing Strict SSL: Protecting Against a On-Path Attack on Origin Traffic

Cloudflare introduces Full SSL (Strict) feature to enhance the security of customers' websites by validating the identity of the origin server. This prevents active snooping and modification of traffic on the Internet backbone. The new option is available for all paying customers, offering an additional layer of protection against on-path attacks. Cloudflare also upgraded its open source web server/reverse proxy called nginx to enable origin certificate validation and support SNI (Server Name Identification).