Introducing TLS with Client Authentication

Published on by Dani Grant.

In a traditional TLS handshake, the client authenticates the server, and the server doesn’t know too much about the client. However, starting now, Cloudflare is offering enterprise customers TLS with client authentication, meaning that the server additionally authenticates that the client connecting to it is authorized to connect. TLS Client Authentication is useful in cases where a server is keeping track of hundreds of thousands or millions…

Upcoming Cloudflare events: Berlin May 5-7, Austin & Portland May 11

Published on by Jade Q. Wang.

Attending JS Conf EU, CSS Conf, or OSCON in the next couple of weeks? Live in Berlin or Austin or Portland? Come over and join Cloudflare devs in the area at our upcoming events. JS Conf EU 2016. Photo by Holger Blank. In Berlin? Attending JS Conf EU or CSS Conf EU? If you’re at JS Conf EU (May 6-7) or CSS Conf EU (May 5): Be…

Introducing Cloudflare Orbit: A Private Network for IoT Devices

Published on by Dani Grant.

In October, we wrote about a 1.75M rps DDoS attack we mitigated on our network, launched by 52,467 unique IP’s, mostly hacked CCTV cameras. We continued to see more IoT devices in DDoS attacks, and so we started to put together a security solution to protect the devices from becoming part of the botnet in the first place. Today we’re announcing it: Cloudflare Orbit.…

Ecommerce websites on Cloudflare: best practices

Published on by Nick B.

Cloudflare provides numerous benefits to ecommerce sites, including advanced DDOS protection and an industry-leading Web Application Firewall (WAF) that helps secure your transactions and protect customers’ private data. A key Cloudflare feature is caching, which allows content to be served closer to the end user from our global network of data centers. Doing so improves the user's shopping experience and contributes to increasing the proportion of people completing…

AES-CBC is going the way of the dodo

Published on by Vlad Krasnov.

A little over a year ago, Nick Sullivan talked about the beginning of the end for AES-CBC cipher suites, following a plethora of attacks on this cipher mode. Today we can safely confirm that this prediction is coming true, as for the first time ever the share of AES-CBC cipher suites on Cloudflare’s edge network dropped below that of ChaCha20-Poly1305 suites, and is fast approaching the 10%…