Subscription confirmed. Thank you for subscribing!
March 04, 2015 12:32AM
The newly announced FREAK vulnerability is not a concern for CloudFlare's SSL customers. We do not support 'export grade' cryptography (which, by its nature, is weak) and we upgraded to the non-vulnerable version of OpenSSL the day it was released in early January....
February 23, 2015 6:51PM
RC4 Encryption TLS SSL SecurityToday, we completely disabled the RC4 encryption algorithm for all SSL/TLS connections to CloudFlare sites. It's no longer possible to connect to any site that uses CloudFlare using RC4....
May 19, 2014 3:00PM
TLS RC4 Security CryptographyTwo weeks ago we changed our TLS configuration to deprioritize the RC4 encryption method because it is widely thought to be vulnerable to attack. At the time we had an internal debate about turning off RC4 altogether, but statistics showed that we couldn't....
May 07, 2014 5:00AM
TLS RC4 Attacks HTTPS Product NewsAt CloudFlare we spend a lot of time thinking about the best way to keep our customers’ data safe. Despite recent troubles, HTTPS is still the best way to deliver encrypted content for the web....
January 29, 2014 12:00PM
RC4 OpenSSL Encryption Vulnerabilities CryptographyBack in 2011, the BEAST attack on the cipher block chaining (CBC) encryption mode used in TLS v1.0 was demonstrated. At the time the advice of experts (including our own) was to prioritize the use of RC4-based cipher suites....
More Posts
July 12, 2013 12:02AM
CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a priority. We use TLS both externally and internally and different uses of TLS have different constraints....
