The Cloudflare Blog

Subscribe to receive notifications of new posts:

No upgrade needed: CloudFlare sites already protected from FREAK

03/04/2015

John Graham-Cumming

1 min read

The newly announced FREAK vulnerability is not a concern for CloudFlare's SSL customers. We do not support 'export grade' cryptography (which, by its nature, is weak) and we upgraded to the non-vulnerable version of OpenSSL the day it was released in early January.

CC BY 2.0 image by Stuart Heath

Our OpenSSL configuration is freely available on our Github account here as are our patches to OpenSSL 1.0.2.

We strive to stay on top of vulnerabilities as they are announced; in this case no action was necessary as we were already protected by decisions to eliminate cipher suites and upgrade software.

We are also pro-active about disabling protocols and ciphers that are outdated (such as SSLv3, RC4) and keep up to date with the latest and most secure ciphers (such as ChaCha-Poly, forward secrecy and elliptic curves).

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Vulnerabilities OpenSSL SSL Attacks RC4 Elliptic Curves

Follow on X

Cloudflare|@cloudflare

November 29, 2018 9:54 AM

Know your SCM_RIGHTS

As TLS 1.3 was ratified earlier this year, I was recollecting how we got started with it here at Cloudflare. We made the decision to be early adopters of TLS 1.3 a little over two years ago. It was a very important decision, and we took it very seriously....

Vlad Krasnov

TLS 1.3, TLS, Security, Linux, TCP, OpenSSL, Go, NGINX

November 10, 2017 11:06 AM

On the dangers of Intel's frequency scaling

While I was writing the post comparing the new Qualcomm server chip, Centriq, to our current stock of Intel Skylake-based Xeons, I noticed a disturbing phenomena....

Vlad Krasnov

Security, OpenSSL, SSL, Cryptography

November 08, 2017 8:03 PM

ARM Takes Wing: Qualcomm vs. Intel CPU comparison

One of the nicer perks I have here at Cloudflare is access to the latest hardware, long before it even reaches the market. Until recently I mostly played with Intel hardware. ...

Vlad Krasnov

SSL, OpenSSL, Compression, Speed & Reliability, LUA, Security, Go, Cryptography

May 07, 2015 10:06 AM

Go crypto: bridging the performance gap

It is no secret that we at CloudFlare love Go. We use it, and we use it a LOT. There are many things to love about Go, but what I personally find appealing is the ability to write assembly code!...

Vlad Krasnov

TLS, Elliptic Curves, Speed & Reliability, OpenSSL, SSL, Go, Programming, Security, Cryptography