Change the (S)Channel! Deconstructing the Microsoft TLS Session Resumption bug

Published on by Patrick R. Donahue.

Initial Problem Report Several months ago we started hearing occasional reports from .NET developers that they were having trouble maintaining HTTPS sessions with one of our customer’s websites. Establishing connections worked just fine but they would periodically get disconnected, resulting in an exception that crashed their application. Around the same time, we also started hearing reports that two other Microsoft products—Internet Explorer and its heir-apparent, Edge—…

CloudFlare’s Impact On The HTTP/2 “Universe”

Published on by Christian Elsen.

CloudFlare released HTTP/2 support for all customers on December 3rd, 2015. Now, two months later, it's time to take a look at the impact of this release on the HTTP/2 "universe" and also at what has changed from a HTTP/2 vs. SPDY vs. HTTP 1.1 traffic ratio perspective. HTTP/2 Usage Previously, we showcased browser market share data from our own website. Using these…

Advanced Technical "Hacks" for your site's SEO

Published on by Elenitsa Staykova.

Improving your site’s SEO is probably top of mind for you, but doing so takes a lot of hard work and the rules of the game are constantly changing. On Tuesday, January 26th at 10am PT/1pm ET, CloudFlare is hosting a live discussion with some of the leading experts in technical SEO. They will share advanced technical hacks to help you reap the benefits of higher…

CloudFlare launches new data centers in Oslo and Minneapolis

Published on by Martin J Levy.

Four thousand miles (6,400 kilometers) separate CloudFlare’s latest two data centers: Oslo (#75) and Minneapolis (#76). Oslo In Oslo, we have now built our third data center in Scandinavia. This joins our existing facilities in Stockholm and Copenhagen. With a data center in Norway, we recognize an important country that stands above others with a staggering 95.05% of the population having Internet connectivity. This Internet…

Preventing Malicious Request Loops

Published on by Nick Sullivan.

The web is an collaborative ecosystem. Web standards exist to ensure that participants of the network behave in a predictable way. If network participants deviate from the established standards then there can be unintended consequences. This blog post is about one of these unintended consequences. A group of researchers recently published a paper "Forwarding Loop Attacks in the Content Delivery Networks" describing what can happen when web services…