Heartbleed Revisited
March 27, 2021 1:00PM
TLS key compromise is a risk for all web services. Taking lessons from Heartbleed, Cloudflare offers the latest features that make key compromise less of a risk....
Searching for The Prime Suspect: How Heartbleed Leaked Private Keys
April 27, 2014 11:00PM
TLS HTTPS OpenSSL Heartbleed VulnerabilitiesWithin a few hours of CloudFlare launching its Heartbleed Challenge the truth was out. Not only did Heartbleed leak private session information (such as cookies and other data that SSL should have been protecting), but the crown jewels of an HTTPS web server were also vulnerable....
The Hidden Costs of Heartbleed
April 17, 2014 11:00AM
OCSP HTTPS Heartbleed Vulnerabilities ReliabilityA quick followup to our last blog post on our decision to reissue and revoke all of CloudFlare's customers' SSL certificates. One question we've received is why we didn't just reissue and revoke all SSL certificates as soon as we got word about the Heartbleed vulnerability?...
The Heartbleed Aftermath: all CloudFlare certificates revoked and reissued
April 17, 2014 1:44AM
TLS HTTPS Crypto OpenSSL HeartbleedEleven days ago the Heartbleed vulnerability was publicly announced. Last Friday, we issued the CloudFlare Challenge: Heartbleed and simultaneously started the process of revoking and reissuing all the SSL certificates....
Certificate Revocation and Heartbleed
April 12, 2014 10:52AM
Heartbleed HTTPS Reliability SSL CommunityAs you may have noticed, the CloudFlare Heartbleed Challenge has been solved. The private key for the site cloudflarechallenge.com has been obtained by several authorized attackers via the Heartbleed exploit....
More Posts
April 11, 2014 8:00PM
The Results of the CloudFlare Challenge
Earlier today we announced the Heartbleed Challenge. We set up a nginx server with a vulnerable version of OpenSSL and challenged the community to steal its private key....
-
By