You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,12 +2,12 @@
2
2
pcx_content_type: concept
3
3
title: HTTP/3
4
4
sidebar:
5
-
order: 2
5
+
order: 3
6
6
---
7
7
8
8
import { Details } from"~/components";
9
9
10
-
Gateway supports inspection of HTTP/3 traffic, which uses the QUIC protocol over UDP. HTTP/3 inspection requires traffic to be proxied over UDP.
10
+
Gateway supports inspection of HTTP/3 traffic, which uses the QUIC protocol over UDP. HTTP/3 inspection requires a [user-side certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/) to be deployed and traffic to be proxied over UDP with [TLS version 1.3](/cloudflare-one/policies/gateway/http-policies/tls-decryption/).
11
11
12
12
Gateway applies HTTP policies to HTTP/3 traffic last. For more information, refer to the [order of enforcement](/cloudflare-one/policies/gateway/order-of-enforcement/#http3-traffic).
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
+6-4Lines changed: 6 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
pcx_content_type: concept
3
3
title: TLS decryption
4
4
sidebar:
5
-
order: 3
5
+
order: 2
6
6
---
7
7
8
8
import {
@@ -19,6 +19,8 @@ When you enable TLS decryption, Gateway will decrypt all traffic sent over HTTPS
19
19
20
20
Cloudflare prevents interference by decrypting, inspecting, and re-encrypting HTTPS requests in its data centers in memory only. Gateway only stores eligible cache content at rest. All cache disks are encrypted at rest. You can configure where TLS decryption takes place with [Regional Services](/data-localization/regional-services/) in the [Cloudflare Data Localization Suite (DLS)](/data-localization/).
21
21
22
+
Cloudflare supports connections from users to Gateway over TLS 1.1, 1.2, and 1.3.
@@ -51,7 +53,7 @@ Google Chrome can automatically upgrade HTTP requests to HTTPS requests, even wh
51
53
52
54
You can turn off automatic HTTPS upgrades via a Gateway pass through policy, a Chrome browser flag, or a Chrome Enterprise policy.
53
55
54
-
<Tabs> <TabItemlabel="pass through policy">
56
+
<Tabs> <TabItemlabel="Pass through policy">
55
57
56
58
To disable automatic HTTPS upgrades for a URL across your Zero Trust organization, create a Gateway pass through policy.
57
59
@@ -69,11 +71,11 @@ To disable automatic HTTPS upgrades for a URL across your Zero Trust organizatio
69
71
70
72
The pass through policy will bypass insecure connection upgrades for any device connected to your Zero Trust organization. For more information, refer to [Untrusted certificates](/cloudflare-one/policies/gateway/http-policies/#untrusted-certificates).
71
73
72
-
</TabItem> <TabItemlabel="chrome browser flag">
74
+
</TabItem> <TabItemlabel="Chrome browser flag">
73
75
74
76
To disable automatic HTTPS upgrades on a per-browser basis, go to [Chrome flags](chrome://flags/#https-upgrades) and turn off **HTTPS Upgrades**.
Chrome Enterprise users can turn off automatic HTTPS upgrades for all URLs with a [`HttpsUpgradesEnabled` management policy](https://chromeenterprise.google/policies/#HttpsUpgradesEnabled).
0 commit comments