diff --git a/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx b/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx index 18d9dca401a360..421f500ab86e2e 100644 --- a/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx +++ b/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx @@ -302,7 +302,7 @@ curl "https://api.cloudflare.com/client/v4/zones//dns_records" \ Service Binding (SVCB) and HTTPS Service (HTTPS) records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. -If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server. +If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/) and [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server. For more details and context, refer to the [announcement blog post](https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns/) and [RFC 9460](https://www.rfc-editor.org/rfc/rfc9460.html). diff --git a/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx b/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx index b4e6f8c1a0d1e4..ac6accad049cd1 100644 --- a/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx +++ b/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx @@ -20,6 +20,14 @@ The **Proxy status** of a DNS record affects how Cloudflare treats incoming traf +### Protocol optimization + +For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates corresponding [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) on the fly. HTTPS records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. + +:::note +Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling [Universal SSL](/ssl/edge-certificates/universal-ssl/), for example, could impact this behavior. +::: + ### Limitations diff --git a/src/content/docs/ssl/reference/browser-compatibility.mdx b/src/content/docs/ssl/reference/browser-compatibility.mdx index 15d686ef3f3205..17464357278645 100644 --- a/src/content/docs/ssl/reference/browser-compatibility.mdx +++ b/src/content/docs/ssl/reference/browser-compatibility.mdx @@ -36,3 +36,13 @@ To support non-SNI requests, you can: * (BYOIP customers only) Enterprise customers can choose to bring your own IP prefix to Cloudflare Network and [specify the default SNI used for any handshake in the address map](/byoip/troubleshooting/#non-sni-support). * (Paid plans only) [Contact Cloudflare Support](/support/contacting-cloudflare-support/) and request a set of dedicated IPs for your zone. + +## HTTPS records + +[HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. + +If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/) and [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server. + +:::caution +Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling Universal SSL, for example, could impact this behavior. +::: \ No newline at end of file