>>RedShi+(OP)
They are still terminating the encrypted connection and get to see all data in cleartext so this is irrelevant to the concerns stated in gp. The only thing this scheme buys you as the website owner is that you can prevent CF from accepting new SSL connections without revoking the certificate entirely.