Performing & Preventing SSL Stripping: A Plain-English Primer
October 20, 2017 4:23 PM
Over the past few days we learnt about a new attack that posed a serious weakness in the encryption protocol used to secure all modern Wi-Fi networks....
Geo Key Manager: How It Works
September 26, 2017 1:00 PM
Today we announced Geo Key Manager, a feature that gives customers control over where their private keys are stored with Cloudflare. This builds on a previous Cloudflare innovation called Keyless SSL and a novel cryptographic access control mechanism....
Understanding the prevalence of web traffic interception
September 12, 2017 4:29 PM
This post summarizes how prevalent encrypted web traffic interception is and how it negatively affects online security according to a study published at NDSS 2017 authored by several researchers including the author of this post and Nick Sullivan of Cloudflare. ...
SIDH in Go for quantum-resistant TLS 1.3
September 01, 2017 8:48 PM
Most of today's cryptography is designed to be secure against an adversary with enormous amounts of computational power. This means estimating how much work certain computations require, and choosing cryptographic parameters based on our best estimates....
High-reliability OCSP stapling and why it matters
July 10, 2017 12:43 PM
At Cloudflare our focus is making the internet faster and more secure. Today we are announcing a new enhancement to our HTTPS service: High-Reliability OCSP stapling....
MORE POSTS
March 15, 2017 2:00 PM
Introducing Zero Round Trip Time Resumption (0-RTT)
Cloudflare’s mission is to help build a faster and more secure Internet. Over the last several years, the Internet Engineering Task Force (IETF) has been working on a new version of TLS, the protocol that powers the secure web....
- By
February 07, 2017 7:31 PM
Cloudflare Crypto Meetup #5: February 28, 2017
Come join us on Cloudflare HQ in San Francisco on Tuesday, Febrary 28, 2017 for another cryptography meetup. We again had a great time at the last one, we decided to host another. It's becoming a pattern....
- By
February 01, 2017 2:57 PM
TLS 1.3 explained by the Cloudflare Crypto Team at 33c3
Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more that 13,000 hackers in Hamburg, has been one of the hallmark events of the security community for more than 30 years....
- By
December 26, 2016 2:59 PM
So you want to expose Go on the Internet
Back when crypto/tls was slow and net/http young, the general wisdom was to always put Go servers behind a reverse proxy like NGINX. That's not necessary anymore!...
- By
November 02, 2016 11:45 PM
Cloudflare Crypto Meetup #4: November 22
Come join us on Cloudflare HQ in San Francisco on Tuesday, November 22 for another cryptography meetup. We had such a great time at the last one, we decided to host another....
- By
October 12, 2016 3:05 PM
TLS nonce-nse
One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that two messages that have identical plaintext will also have identical ciphertext, which is a dangerous leak. ...
- By
September 23, 2016 4:01 PM
An overview of TLS 1.3 and Q&A
The CloudFlare London office hosts weekly internal Tech Talks (with free lunch picked by the speaker). My recent one was an explanation of the latest version of TLS, 1.3, how it works and why it's faster and safer....
- By
May 10, 2016 3:21 PM
How we built Origin CA: Web Crypto
At CloudFlare we strive to combine features that are simple, secure, and backed by solid technology. The Origin CA is a great example of this. You no longer need to go to a third-party certificate authority to protect the connection between CloudFlare and your origin server....
- By
April 08, 2016 1:40 PM
CloudFlare Crypto Meetup: April 21, 2016
Now back in HD: the CloudFlare Cryptography Meetup series. A while back, CloudFlare hosted a pair of Meetups focused on encryption and cryptographic technology. ...
- By
February 12, 2016 2:00 PM
Padding oracles and the decline of CBC-mode cipher suites
At CloudFlare, we’re committed to making sure the encrypted web is available to everyone, even those with older browsers. At the same time, we want to make sure that as many people as possible are using the most modern and secure encryption available to them. ...
- By
December 25, 2015 8:49 AM
How to Talk to Your Parents About Encryption
It’s December 25th, which means most of you are probably at home visiting with family. I asked a few of the security engineers here at CloudFlare how they explain their jobs when they’re home for the holidays, and here's what they had to say....
- By
May 07, 2015 10:06 AM
Go crypto: bridging the performance gap
It is no secret that we at CloudFlare love Go. We use it, and we use it a LOT. There are many things to love about Go, but what I personally find appealing is the ability to write assembly code!...
- By
February 23, 2015 8:22 PM
Do the ChaCha: better mobile performance with cryptography
CloudFlare is always trying to improve customer experience by adopting the latest and best web technologies so that our customers (and their visitors) have a fast and a secure web browsing experience....
- By
October 01, 2014 10:57 PM
Universal SSL: How It Scales
On Monday, we announced Universal SSL, enabling HTTPS for all websites using CloudFlare’s Free plan. Universal SSL represents a massive increase in the number of sites we serve over HTTPS—from tens of thousands, to millions....
- By