Posts by Nick Sullivan

Keyless SSL: The Nitty Gritty Technical Details

Published on by Nick Sullivan.

We announced Keyless SSL yesterday to an overwhelmingly positive response. We read through the comments on this blog, Reddit, Hacker News, and people seem interested in knowing more and getting deeper into the technical details. In this blog post we go into extraordinary detail to answer questions about how Keyless

Introducing CFSSL - CloudFlare's PKI toolkit

Published on by Nick Sullivan.

Today we’re proud to introduce CFSSL—our open source toolkit for everything TLS/SSL. CFSSL is used internally by CloudFlare for bundling TLS/SSL certificates chains, and for our internal Certificate Authority infrastructure. We use this tool for all our TLS certificates. Creating a certificate bundle is

CloudFlare Meetups: Set your mind on fire.

Published on by Nick Sullivan.

Education, expertise, and community: these themes define Meetups at CloudFlare. Meetups in our office bring together industry leaders, academics, and field experts to examine topics ranging from the Go programming language, to databases, to cryptography, and more. We’re creating a space for people interested in learning about, and

Killing RC4: The Long Goodbye

Published on by Nick Sullivan.

At CloudFlare we spend a lot of time thinking about the best way to keep our customers’ data safe. Despite recent troubles, HTTPS is still the best way to deliver encrypted content for the web. As the threat landscape changes we try to keep up with best practices with

The Heartbleed Aftermath: all CloudFlare certificates revoked and reissued

Published on by Nick Sullivan.

Eleven days ago the Heartbleed vulnerability was publicly announced. Last Friday, we issued the CloudFlare Challenge: Heartbleed and simultaneously started the process of revoking and reissuing all the SSL certificates that CloudFlare manages for our customers. That process is now complete. We have revoked and reissued every single certificate we

Certificate Revocation and Heartbleed

Published on by Nick Sullivan.

As you may have noticed, the CloudFlare Heartbleed Challenge has been solved. The private key for the site cloudflarechallenge.com has been obtained by several authorized attackers via the Heartbleed exploit. Any person who obtained the private key will be able to impersonate cloudflarechallenge.com, as Fedor Indutny demonstrated when