Get Started Free | Contact Sales: +1 (888) 274-3482

The Cloudflare Blog

Subscribe to receive notifications of new posts:

Subscription confirmed. Thank you for subscribing!

No upgrade needed: CloudFlare sites already protected from FREAK

John Graham-Cumming

1 min read

The newly announced FREAK vulnerability is not a concern for CloudFlare's SSL customers. We do not support 'export grade' cryptography (which, by its nature, is weak) and we upgraded to the non-vulnerable version of OpenSSL the day it was released in early January.

CC BY 2.0 image by Stuart Heath

Our OpenSSL configuration is freely available on our Github account here as are our patches to OpenSSL 1.0.2.

We strive to stay on top of vulnerabilities as they are announced; in this case no action was necessary as we were already protected by decisions to eliminate cipher suites and upgrade software.

We are also pro-active about disabling protocols and ciphers that are outdated (such as SSLv3, RC4) and keep up to date with the latest and most secure ciphers (such as ChaCha-Poly, forward secrecy and elliptic curves).

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Vulnerabilities OpenSSL SSL Attacks RC4

Follow on Twitter

Cloudflare |Cloudflare

May 07, 2015 11:06AM

Go crypto: bridging the performance gap

It is no secret that we at CloudFlare love Go. We use it, and we use it a LOT. There are many things to love about Go, but what I personally find appealing is the ability to write assembly code!...

Vlad Krasnov

Crypto , TLS , Elliptic Curves , Speed & Reliability , OpenSSL

November 29, 2018 9:54AM

Know your SCM_RIGHTS

As TLS 1.3 was ratified earlier this year, I was recollecting how we got started with it here at Cloudflare. We made the decision to be early adopters of TLS 1.3 a little over two years ago. It was a very important decision, and we took it very seriously....

Vlad Krasnov

TLS 1.3 , TLS , Security , Linux , TCP

November 08, 2017 8:03PM

ARM Takes Wing: Qualcomm vs. Intel CPU comparison

One of the nicer perks I have here at Cloudflare is access to the latest hardware, long before it even reaches the market. Until recently I mostly played with Intel hardware....

Vlad Krasnov

SSL , OpenSSL , Compression , Speed & Reliability , LUA

April 17, 2014 11:00AM

The Hidden Costs of Heartbleed

A quick followup to our last blog post on our decision to reissue and revoke all of CloudFlare's customers' SSL certificates. One question we've received is why we didn't just reissue and revoke all SSL certificates as soon as we got word about the Heartbleed vulnerability?...

Matthew Prince

OCSP , HTTPS , Heartbleed , Vulnerabilities , Reliability