Crypto - Page 1 - Cloudflare Blog

High-reliability OCSP stapling and why it matters

Published on July 10th, 2017 12:43PM by Nick Sullivan.

At Cloudflare our focus is making the internet faster and more secure. Today we are announcing a new enhancement to our HTTPS service: High-Reliability OCSP stapling. This feature is a step towards enabling an important security feature on the web: certificate revocation checking. Reliable OCSP stapling also improves connection times

How to make your site HTTPS-only

Published on July 6th, 2017 1:35PM by Nick Sullivan.

The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services. Last year, Mozilla reported that the percentage of requests made by Firefox using encrypted HTTPS passed 50% for the first time. HTTPS has numerous benefits that are not

Introducing Zero Round Trip Time Resumption (0-RTT)

Published on March 15th, 2017 2:00PM by Nick Sullivan.

Cloudflare’s mission is to help build a faster and more secure Internet. Over the last several years, the Internet Engineering Task Force (IETF) has been working on a new version of TLS, the protocol that powers the secure web. Last September, Cloudflare was the first service provider to enable

TLS 1.3 explained by the Cloudflare Crypto Team at 33c3

Published on February 1st, 2017 2:57PM by Filippo Valsorda.

Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more that 13,000 hackers in Hamburg, has been one of the hallmark events of the security community for more than 30 years. You can watch the recording

So you want to expose Go on the Internet

Published on December 26th, 2016 2:59PM by Filippo Valsorda.

This piece was originally written for the Gopher Academy advent series. We are grateful to them for allowing us to republish it here. Back when crypto/tls was slow and net/http young, the general wisdom was to always put Go servers behind a reverse proxy like NGINX. That's not

Cloudflare Crypto Meetup #4: November 22

Published on November 2nd, 2016 11:45PM by Nick Sullivan.

Come join us on Cloudflare HQ in San Francisco on Tuesday, November 22 for another cryptography meetup. We had such a great time at the last one, we decided to host another. We’ll start the evening at 6:00p.m. with time for networking, followed up with short talks

TLS nonce-nse

Published on October 12th, 2016 3:05PM by Filippo Valsorda.

One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that two messages that have identical plaintext will also have identical ciphertext, which is a dangerous leak. (This is similar to why you

An overview of TLS 1.3 and Q&A

Published on September 23rd, 2016 4:01PM by Filippo Valsorda.

The CloudFlare London office hosts weekly internal Tech Talks (with free lunch picked by the speaker). My recent one was an explanation of the latest version of TLS, 1.3, how it works and why it's faster and safer. You can watch the complete talk below or just read my