HTTPS - The Cloudflare Blog (Page 12)

April 17, 2014 11:00AM

The Hidden Costs of Heartbleed

OCSP HTTPS Heartbleed Vulnerabilities Reliability SSL OpenSSL Security

A quick followup to our last blog post on our decision to reissue and revoke all of CloudFlare's customers' SSL certificates. One question we've received is why we didn't just reissue and revoke all SSL certificates as soon as we got word about the Heartbleed vulnerability?...

Matthew Prince

April 17, 2014 1:44AM

The Heartbleed Aftermath: all CloudFlare certificates revoked and reissued

TLS HTTPS Crypto OpenSSL Heartbleed Vulnerabilities Security

Eleven days ago the Heartbleed vulnerability was publicly announced. Last Friday, we issued the CloudFlare Challenge: Heartbleed and simultaneously started the process of revoking and reissuing all the SSL certificates....

Nick Sullivan

April 12, 2014 10:52AM

Certificate Revocation and Heartbleed

Heartbleed HTTPS Reliability SSL Community Vulnerabilities Security

As you may have noticed, the CloudFlare Heartbleed Challenge has been solved. The private key for the site cloudflarechallenge.com has been obtained by several authorized attackers via the Heartbleed exploit....

Nick Sullivan

March 10, 2014 4:30PM

ECDSA: The digital signature algorithm of a better internet

TLS HTTPS Crypto Elliptic Curves RSA Security

This blog post is dedicated to the memory of Dr. Scott Vanstone, popularizer of elliptic curve cryptography and inventor of the ECDSA algorithm. He passed away on March 2, 2014....

Nick Sullivan

February 14, 2014 1:00AM

Introducing Strict SSL: Protecting Against a On-Path Attack on Origin Traffic

TLS HTTPS Crypto Encryption SSL Security

At CloudFlare, we are always looking for ways to improve the security of our customers’ websites. One of the features we provide is the ability to serve their website encrypted over SSL/TLS....

Nick Sullivan