Thoughts on Network Neutrality, the FCC, and the Future of Internet Governance

Published on by Matthew Prince.

Today the United States Federal Communications Commission (FCC) voted to extend the rules that previously regulated the telephone industry to now regulate Internet Service Providers (ISPs). The Commission did this in order to preserve the principle of network neutrality. Broadly stated, this principle is that networks should not discriminate against content that passes through them. At CloudFlare, we are strong proponents of network neutrality. My co-founder, Michelle Zatlyn,…

Enforce Web Policy with HTTP Strict Transport Security (HSTS)

Published on by Ryan Lackey.

HTTP Strict Transport Security (HSTS, RFC 6797) is a web security policy technology designed to help secure HTTPS web servers against downgrade attacks. HSTS is a powerful technology which is not yet widely adopted. CloudFlare aims to change this. Downgrade attacks (also known as SSL stripping attacks) are a serious threat to web applications. This type of attack is a form of man-in-the-middle attack in which an attacker…

Universal SSL: Encryption all the way to the origin, for free

Published on by Nick Sullivan.

Last September, CloudFlare unveiled Universal SSL, enabling HTTPS support for all sites by default. All sites using CloudFlare now support strong cryptography from the browser to CloudFlare’s servers. One of the most popular requests for Universal SSL was to make it easier to encrypt the other half of the connection: from CloudFlare to the origin server. Until today, encryption from CloudFlare to the origin required the purchase…

TLS Session Resumption: Full-speed and Secure

Published on by Zi Lin.

At CloudFlare, making web sites faster and safer at scale is always a driving force for innovation. We introduced “Universal SSL” to dramatically increase the size of the encrypted web. In order for that to happen we knew we needed to efficiently handle large volumes of HTTPS traffic, and give end users the fastest possible performance. CC BY 2.0 image by ecos systems In this article, I’…

Do the ChaCha: better mobile performance with cryptography

Published on by Nick Sullivan.

CC BY-ND 2.0 image image by Clinton Steeds CloudFlare is always trying to improve customer experience by adopting the latest and best web technologies so that our customers (and their visitors) have a fast and a secure web browsing experience. More and more web sites are now using HTTPS by default. This sea change has been spearheaded by many groups including CloudFlare enabling free SSL for millions…

End of the road for RC4

Published on by John Graham-Cumming.

Today, we completely disabled the RC4 encryption algorithm for all SSL/TLS connections to CloudFlare sites. It's no longer possible to connect to any site that uses CloudFlare using RC4. Over a year ago, we disabled RC4 for connections for TLS 1.1 and above because there were more secure algorithms available. In May 2014, we deprecated RC4 by moving it to the lowest priority in our list…