MORE POSTS
July 24, 2018 3:04 PM
Today, Chrome Takes Another Step Forward in Addressing the Design Flaw That is an Unencrypted Web
I still remember my first foray onto the internet as a university student back in the mid 90's. It was a simpler time back then, of course; we weren't doing our personal banking or our tax returns or handling our medical records so encrypting the transport layer wasn't exactly a ...
June 28, 2018 5:40 PM
Delivering a Serverless API in 10 minutes using Workers
In preparation for Chrome’s Not Secure flag, which will update the indicator to show Not Secure when a site is not accessed over https, we wanted people to be able to test whether their site would pass. ...
June 28, 2018 1:00 PM
T-25 days until Chrome starts flagging HTTP sites as "Not Secure"
Less than one month from today, on July 23, Google will start prominently labeling any site loaded in Chrome without HTTPS as "Not Secure"....
February 14, 2018 8:00 PM
HTTPS or bust: Chrome’s plan to label sites as "Not Secure"
Google just announced that beginning in July 2018, with the release of Chrome 68, web pages loaded without HTTPS will be marked as “not secure”. More than half of web visitors will soon see this warning when visiting unencrypted HTTP sites....
November 09, 2017 4:05 PM
Privacy Pass - “The Math”
During a recent internship at Cloudflare, I had the chance to help integrate support for improving the accessibility of websites that are protected by the Cloudflare edge network. ...
November 09, 2017 4:00 PM
Cloudflare supports Privacy Pass
Cloudflare supports Privacy Pass, a recently-announced privacy-preserving protocol developed in collaboration with researchers from Royal Holloway and the University of Waterloo. ...
February 01, 2017 2:57 PM
TLS 1.3 explained by the Cloudflare Crypto Team at 33c3
Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more that 13,000 hackers in Hamburg, has been one of the hallmark events of the security community for more than 30 years....
September 20, 2016 1:04 PM
Introducing TLS 1.3
The encrypted Internet is about to become a whole lot snappier. When it comes to browsing, we’ve been driving around in a beat-up car from the 90s for a while. Little does anyone know, we’re all about to trade in our station wagons for a smoking new sports car. ...
April 04, 2016 11:50 AM
It takes two to ChaCha (Poly)
Not long ago we introduced support for TLS cipher suites based on the ChaCha20-Poly1305 AEAD, for all our customers. Back then those cipher suites were only supported by the Chrome browser and Google's websites, but were in the process of standardization. ...
November 10, 2014 11:28 PM
CloudFlare and SHA-1 Certificates
At CloudFlare, we’re dedicated to ensuring sites are not only secure, but also available to the widest audience. In the coming months, both Google’s Chrome browser and Mozilla’s Firefox browser are changing their policy with respect to certain web site certificates....
December 26, 2013 5:00 PM
Using CloudFlare to mix domain sharding and SPDY
It’s common knowledge that domain sharding, where the resources in a web page are shared across different domains (or subdomains), is a good thing. ...
September 20, 2013 6:00 AM
Why some cryptographic keys are much smaller than others
If you connect to CloudFlare's web site using HTTPS the connection will be secured using one of the many encryption schemes supported by SSL/TLS. ...
August 02, 2012 10:34 PM
SPDY Now One-Click Simple for Any Website
About a month and a half ago, CloudFlare announced limited support for SPDY as part of a private beta. SPDY is the new protocol pioneered by Google to make the web faster. If you're curious, we've written about what makes SPDY speedy in previous blog posts.
...