April 17, 2014 10:00AM
The Hidden Costs of Heartbleed
A quick followup to our last blog post on our decision to reissue and revoke all of CloudFlare's customers' SSL certificates. One question we've received is why we didn't just reissue and revoke all SSL certificates as soon as we got word about the Heartbleed vulnerability?...
April 17, 2014 12:44AM
The Heartbleed Aftermath: all CloudFlare certificates revoked and reissued
Eleven days ago the Heartbleed vulnerability was publicly announced. Last Friday, we issued the CloudFlare Challenge: Heartbleed and simultaneously started the process of revoking and reissuing all the SSL certificates....
April 12, 2014 9:52AM
Certificate Revocation and Heartbleed
As you may have noticed, the CloudFlare Heartbleed Challenge has been solved. The private key for the site cloudflarechallenge.com has been obtained by several authorized attackers via the Heartbleed exploit....
April 11, 2014 7:00PM
The Results of the CloudFlare Challenge
Earlier today we announced the Heartbleed Challenge. We set up a nginx server with a vulnerable version of OpenSSL and challenged the community to steal its private key....
April 11, 2014 2:27AM
Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed?
Below is what we thought as of 12:27pm UTC. To verify our belief we crowd sourced the investigation. It turns out we were wrong. While it takes effort, it is possible to extract private SSL keys....