From b7093150cee975e1b0bc24f21909d11fbee77840 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 20 Dec 2024 15:49:08 +0000 Subject: [PATCH 1/3] Cross-link on-the-fly HTTPS records with proxy status --- .../dns/manage-dns-records/reference/dns-record-types.mdx | 2 +- .../manage-dns-records/reference/proxied-dns-records.mdx | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx b/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx index 18d9dca401a360d..421f500ab86e2e0 100644 --- a/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx +++ b/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx @@ -302,7 +302,7 @@ curl "https://api.cloudflare.com/client/v4/zones//dns_records" \ Service Binding (SVCB) and HTTPS Service (HTTPS) records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. -If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server. +If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/) and [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server. For more details and context, refer to the [announcement blog post](https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns/) and [RFC 9460](https://www.rfc-editor.org/rfc/rfc9460.html). diff --git a/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx b/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx index b4e6f8c1a0d1e4f..9c780021e6098f6 100644 
--- a/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx +++ b/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx @@ -20,6 +20,14 @@ The **Proxy status** of a DNS record affects how Cloudflare treats incoming traf +### Protocol optimization + +For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates corresponding HTTPS records on the fly. [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. + +:::note +Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling Universal SSL, for example, could impact this behavior. +::: + ### Limitations From 3efd34e5e5e86fdae45d23071147a59aabaebcd9 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 20 Dec 2024 15:59:23 +0000 Subject: [PATCH 2/3] Add note on HTTPS records to SSL browser compatibility page --- .../docs/ssl/reference/browser-compatibility.mdx | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/content/docs/ssl/reference/browser-compatibility.mdx b/src/content/docs/ssl/reference/browser-compatibility.mdx index 15d686ef3f32058..707c217d61aabd7 100644 --- a/src/content/docs/ssl/reference/browser-compatibility.mdx +++ b/src/content/docs/ssl/reference/browser-compatibility.mdx 
@@ -36,3 +36,13 @@ To support non-SNI requests, you can: * (BYOIP customers only) Enterprise customers can choose to bring your own IP prefix to Cloudflare Network and [specify the default SNI used for any handshake in the address map](/byoip/troubleshooting/#non-sni-support). * (Paid plans only) [Contact Cloudflare Support](/support/contacting-cloudflare-support/) and request a set of dedicated IPs for your zone. + +## HTTPS records + +HTTPS Service (HTTPS) records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. + +If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/) and [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server. + +:::caution +Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling Universal SSL, for example, could impact this behavior. +::: \ No newline at end of file From 01cdefcf881dd663fd3f6417edf7ab2626ccc7be Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 23 Dec 2024 12:25:57 +0000 Subject: [PATCH 3/3] Overall review and improve cross-linking --- .../dns/manage-dns-records/reference/proxied-dns-records.mdx | 4 ++-- src/content/docs/ssl/reference/browser-compatibility.mdx | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx b/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx index 9c780021e6098f6..ac6accad049cd19 100644 --- a/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx +++ b/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx 
@@ -22,10 +22,10 @@ The **Proxy status** of a DNS record affects how Cloudflare treats incoming traf ### Protocol optimization -For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates corresponding HTTPS records on the fly. [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. +For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates corresponding [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) on the fly. HTTPS records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. :::note -Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling Universal SSL, for example, could impact this behavior. +Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling [Universal SSL](/ssl/edge-certificates/universal-ssl/), for example, could impact this behavior. ::: ### Limitations diff --git a/src/content/docs/ssl/reference/browser-compatibility.mdx b/src/content/docs/ssl/reference/browser-compatibility.mdx index 707c217d61aabd7..17464357278645a 100644 --- a/src/content/docs/ssl/reference/browser-compatibility.mdx +++ b/src/content/docs/ssl/reference/browser-compatibility.mdx 
@@ -39,7 +39,7 @@ To support non-SNI requests, you can: ## HTTPS records -HTTPS Service (HTTPS) records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. +[HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/) and [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server.
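Review bot: In the dns-record-types.mdx hunk of patch 1/3 (@@ -302,7 +302,7), the rewritten sentence lists two preconditions for on-the-fly HTTPS records (HTTP/2 or HTTP/3 enabled, proxied DNS records) but leaves out the third one this series documents on the other two pages: an SSL/TLS certificate served by Cloudflare. A reader who lands only on the record-types reference will not learn that disabling Universal SSL can affect the generated records. Suggest carrying the same note here, or adding a short pointer to the Protocol optimization section on the proxied records page.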
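Review bot: In the proxied-dns-records.mdx hunk of patch 1/3 (@@ -20,6 +20,14), the note's last sentence, `could impact this behavior`, does not tell the reader what they would observe. Suggest naming the outcome, for example whether HTTPS records stop being generated for the zone once no Cloudflare-served certificate is present, so that someone debugging a missing HTTPS record can connect it to their certificate settings.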
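Review bot: In patch 2/3 (browser-compatibility.mdx, @@ -36,3 +36,13), the certificate requirement is wrapped in `:::caution`, while the word-for-word identical text added to proxied-dns-records.mdx in patch 1/3 uses `:::note`. Pick one admonition level for both pages so the same requirement does not read as more severe on one of them. The hunk also ends with `\ No newline at end of file`; add a trailing newline after the closing `:::`.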
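Review bot: In the browser-compatibility.mdx hunk of patch 3/3 (@@ -39,7 +39,7), only the first paragraph gains a link; the caution added to this section in patch 2/3 still mentions Universal SSL as plain text, although the same commit links it to /ssl/edge-certificates/universal-ssl/ in the proxied-dns-records.mdx note. The diffstat shows a single changed line for this file, so the caution was missed. Suggest applying the same link here, since this is the SSL reference page where a reader is most likely to follow it.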