Reply To: SSL/TLS Setting Recommendation

[Hugh]

Options:
1) Off: No encryption applied
2) Flexible: Encrypts traffic between the browser and Cloudflare
3) Full: Encrypts end-to-end, using a self signed certificate on the server
4) Full (strict): Encrypts end-to-end, but requires a trusted CA or Cloudflare Origin CA certificate on the server

Full vs Strict has to do with what type of certificate you have on your server. If it's not self signed, and an actual CA issued certificate, then you can use strict. Either way, the important thing is to have an actual CA certificate on your site (i.e. via Let's Encrypt), which it sounds like you do. After that, shouldn't really matter Full or Strict at Cloudflare.

If it is an upsell attempt, I've never seen it as being in your face about it.