Crypto - Page 1 - Cloudflare Blog

Understanding the prevalence of web traffic interception

Published on September 12th, 2017 4:29PM by Elie Bursztein.

This is a guest post by Elie Bursztein who writes about security and anti-abuse research. It was first published on his blog and has been lightly edited. This post summarizes how prevalent encrypted web traffic interception is and how it negatively affects online security according to a study published at

SIDH in Go for quantum-resistant TLS 1.3

Published on September 1st, 2017 8:48PM by Henry de Valence.

This blog post presents a new cryptography primitive that we open sourced: p751sidh. The Quantum Threat Most of today's cryptography is designed to be secure against an adversary with enormous amounts of computational power. This means estimating how much work certain computations (such as factoring a number, or finding a

High-reliability OCSP stapling and why it matters

Published on July 10th, 2017 12:43PM by Nick Sullivan.

At Cloudflare our focus is making the internet faster and more secure. Today we are announcing a new enhancement to our HTTPS service: High-Reliability OCSP stapling. This feature is a step towards enabling an important security feature on the web: certificate revocation checking. Reliable OCSP stapling also improves connection times

How to make your site HTTPS-only

Published on July 6th, 2017 1:35PM by Nick Sullivan.

The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services. Last year, Mozilla reported that the percentage of requests made by Firefox using encrypted HTTPS passed 50% for the first time. HTTPS has numerous benefits that are not

Introducing Zero Round Trip Time Resumption (0-RTT)

Published on March 15th, 2017 2:00PM by Nick Sullivan.

Cloudflare’s mission is to help build a faster and more secure Internet. Over the last several years, the Internet Engineering Task Force (IETF) has been working on a new version of TLS, the protocol that powers the secure web. Last September, Cloudflare was the first service provider to enable

TLS 1.3 explained by the Cloudflare Crypto Team at 33c3

Published on February 1st, 2017 2:57PM by Filippo Valsorda.

Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more that 13,000 hackers in Hamburg, has been one of the hallmark events of the security community for more than 30 years. You can watch the recording

So you want to expose Go on the Internet

Published on December 26th, 2016 2:59PM by Filippo Valsorda.

This piece was originally written for the Gopher Academy advent series. We are grateful to them for allowing us to republish it here. Back when crypto/tls was slow and net/http young, the general wisdom was to always put Go servers behind a reverse proxy like NGINX. That's not

Cloudflare Crypto Meetup #4: November 22

Published on November 2nd, 2016 11:45PM by Nick Sullivan.

Come join us on Cloudflare HQ in San Francisco on Tuesday, November 22 for another cryptography meetup. We had such a great time at the last one, we decided to host another. We’ll start the evening at 6:00p.m. with time for networking, followed up with short talks