Introducing Zero Round Trip Time Resumption (0-RTT)

Published on by Nick Sullivan.

Cloudflare’s mission is to help build a faster and more secure Internet. Over the last several years, the Internet Engineering Task Force (IETF) has been working on a new version of TLS, the protocol that powers the secure web. Last September, Cloudflare was the first service provider to enable

How to build your own public key infrastructure

Published on by Nick Sullivan.

A major part of securing a network as geographically diverse as CloudFlare’s is protecting data as it travels between datacenters. Customer data and logs are important to protect, but so is all the control data that our applications use to communicate with each other. For example, our application servers

Logjam: the latest TLS vulnerability explained

Published on by Filippo Valsorda.

Image: "Logjam" as interpreted by @0xabad1dea.

Yesterday, a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published a deep analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. This analysis included a novel downgrade attack against the TLS protocol