Posts by Nick Sullivan

CloudFlare and SHA-1 Certificates

Published on by Nick Sullivan.

At CloudFlare, we’re dedicated to ensuring sites are not only secure, but also available to the widest audience. In the coming months, both Google’s Chrome browser and Mozilla’s Firefox browser are changing their policy with respect to certain web site certificates. We are aware of these changes,

DNSSEC: Complexities and Considerations

Published on by Nick Sullivan.

This blog post is a follow-up to our previous introduction to DNSSEC. Read that first if you are not familiar with DNSSEC. DNSSEC is an extension to DNS: it provides a system of trust for DNS records. It’s a major change to one of the core components of the

DNSSEC: An Introduction

Published on by Nick Sullivan.

At CloudFlare our mission is to help build a better Internet. Part of this effort includes making web sites faster, more reliable, and more trustworthy. The obvious first choice in protocols to help make websites more secure is HTTPS. CloudFlare’s latest product—Universal SSL—helps web site operators provide

Universal SSL: How It Scales

Published on by Nick Sullivan.

On Monday, we announced Universal SSL, enabling HTTPS for all websites using CloudFlare’s Free plan. Universal SSL represents a massive increase in the number of sites we serve over HTTPS—from tens of thousands, to millions. People have asked us, both in comments and in person, how our servers

Origin Server Connection Security with Universal SSL

Published on by Nick Sullivan.

Earlier today, CloudFlare enabled Universal SSL: HTTPS support for all sites by default. Universal SSL provides state-of-the-art encryption between browsers and CloudFlare’s edge servers keeping web traffic private and secure from tampering. CloudFlare’s Flexible SSL mode is the default for CloudFlare sites on the Free plan. Flexible SSL

Keyless SSL: The Nitty Gritty Technical Details

Published on by Nick Sullivan.

We announced Keyless SSL yesterday to an overwhelmingly positive response. We read through the comments on this blog, Reddit, Hacker News, and people seem interested in knowing more and getting deeper into the technical details. In this blog post we go into extraordinary detail to answer questions about how Keyless