NCC Group's Cryptography Services audits our Go TLS 1.3 stack
February 15, 2017 12:49 AM
The Cloudflare TLS 1.3 beta is run by a Go implementation of the protocol based on the Go standard library, crypto/tls. ...
Want to see your DNS analytics? We have a Grafana plugin for that
February 14, 2017 6:04 PM
Curious where your DNS traffic is coming from, how much DNS traffic is on your domain, and what records people are querying for that don’t exist? We now have a Grafana plugin for you. ...
Cloudflare Crypto Meetup #5: February 28, 2017
February 07, 2017 7:31 PM
Come join us on Cloudflare HQ in San Francisco on Tuesday, Febrary 28, 2017 for another cryptography meetup. We again had a great time at the last one, we decided to host another. It's becoming a pattern....
DDoS Ransom: An Offer You Can Refuse
February 06, 2017 9:43 PM
Cloudflare has covered DDoS ransom groups several times in the past. First, we reported on the copycat group claiming to be the Armada Collective and then not too long afterwards, we covered the "new" Lizard Squad....
TLS 1.3 explained by the Cloudflare Crypto Team at 33c3
February 01, 2017 2:57 PM
Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more that 13,000 hackers in Hamburg, has been one of the hallmark events of the security community for more than 30 years....
MORE POSTS
January 10, 2017 11:20 PM
Cloudflare’s Transparency Report for Second Half 2016 and an Additional Disclosure for 2013
Cloudflare is publishing today its seventh transparency report, covering the second half of 2016. For the first time, we are able to present information on a previously undisclosed National Security Letter (NSL) Cloudflare received in the 2013 reporting period. ...
- By
January 10, 2017 1:52 PM
Token Authentication for Cached Private Content and APIs
While working to make the Internet a better place, we also want to make it easier for our customers to have control of their content and APIs, and who has access to them. Using Cloudflare’s Token Authentication features, customers can implement access control via URL tokens or HT...
- By
January 09, 2017 2:08 PM
The Porcupine Attack: investigating millions of junk requests
We extensively monitor our network and use multiple systems that give us visibility including external monitoring and internal alerts when things go wrong....
- By
December 30, 2016 2:34 PM
2017 and the Internet: our predictions
Looking back over 2016, we saw the good and bad that comes with widespread use and abuse of the Internet. ...
- By
December 26, 2016 2:59 PM
So you want to expose Go on the Internet
Back when crypto/tls was slow and net/http young, the general wisdom was to always put Go servers behind a reverse proxy like NGINX. That's not necessary anymore!...
- By
December 05, 2016 1:54 PM
TLD glue sticks around too long
Recent headline grabbing DDoS attacks provoked heated debates in the DNS community. Everyone has strong opinions on how to harden DNS to avoid downtime in the future. Is it better to use a single DNS provider or multiple? ...
- By
December 02, 2016 1:21 PM
The Daily DDoS: Ten Days of Massive Attacks
Back in March my colleague Marek wrote about a Winter of Whopping Weekend DDoS Attacks where we were seeing 400Gbps attacks occurring mostly at the weekends. We speculated that attackers were busy with something else during the week....
- By
November 28, 2016 2:10 PM
HPACK: the silent killer (feature) of HTTP/2
If you have experienced HTTP/2 for yourself, you are probably aware of the visible performance gains possible with HTTP/2 due to features like stream multiplexing, explicit stream dependencies, and Server Push. ...
- By
November 21, 2016 2:14 PM
98.01% of sites on Cloudflare now use IPv6
It's 2016 and almost every site using Cloudflare (more than 4 million of them) is using IPv6. Cloudflare sees significant IPv6 traffic globally where networks have enabled IPv6 to the consumer....
- By
November 02, 2016 11:45 PM
Cloudflare Crypto Meetup #4: November 22
Come join us on Cloudflare HQ in San Francisco on Tuesday, November 22 for another cryptography meetup. We had such a great time at the last one, we decided to host another....
- By
October 27, 2016 12:10 PM
How the Dyn outage affected Cloudflare
Last Friday the popular DNS service Dyn suffered three waves of DDoS attacks that affected users first on the East Coast of the US, and later users worldwide. ...
- By
October 26, 2016 12:59 PM
How Cloudflare's Architecture Allows Us to Scale to Stop the Largest Attacks
The last few weeks have seen several high-profile outages in legacy DNS and DDoS-mitigation services due to large scale attacks. Cloudflare's customers have, understandably, asked how we are positioned to handle similar attacks....
- By
October 21, 2016 6:22 PM
Dyn issues affecting joint customers
Today there is an ongoing, large scale Denial-of-Service attack directed against Dyn DNS. While Cloudflare services are operating normally, if you are using both Cloudflare and Dyn services, your website may be affected....
- By
October 12, 2016 3:05 PM
TLS nonce-nse
One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that two messages that have identical plaintext will also have identical ciphertext, which is a dangerous leak. ...
- By