Cloudflare Blog: Security

April 17, 2014 11:00AM

The Hidden Costs of Heartbleed

OCSP HTTPS Heartbleed Vulnerabilities Reliability SSL OpenSSL Security

A quick followup to our last blog post on our decision to reissue and revoke all of CloudFlare's customers' SSL certificates. One question we've received is why we didn't just reissue and revoke all SSL certificates as soon as we got word about the Heartbleed vulnerability?...

Matthew Prince

April 17, 2014 1:44AM

The Heartbleed Aftermath: all CloudFlare certificates revoked and reissued

TLS HTTPS Crypto OpenSSL Heartbleed Vulnerabilities Security

Eleven days ago the Heartbleed vulnerability was publicly announced. Last Friday, we issued the CloudFlare Challenge: Heartbleed and simultaneously started the process of revoking and reissuing all the SSL certificates....

Nick Sullivan

April 12, 2014 10:52AM

Certificate Revocation and Heartbleed

Heartbleed HTTPS Reliability SSL Community Vulnerabilities Security

As you may have noticed, the CloudFlare Heartbleed Challenge has been solved. The private key for the site cloudflarechallenge.com has been obtained by several authorized attackers via the Heartbleed exploit....

Nick Sullivan

April 07, 2014 10:00AM

Staying ahead of OpenSSL vulnerabilities

TLS Bugs OpenSSL Vulnerabilities Reliability Security SSL

Today a new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160). We fixed this vulnerability last week before it was made public....

Nick Sullivan

March 11, 2014 5:00PM

The Web's Silver Jubilee

History spdy TLS SSL Security

No matter what your age, it's hard to believe that the World-Wide Web is 25 today. For the young the web has always been part of their lives, for the older it seems like it was invented only yesterday....

John Graham-Cumming

March 10, 2014 4:30PM

ECDSA: The digital signature algorithm of a better internet

This blog post is dedicated to the memory of Dr. Scott Vanstone, popularizer of elliptic curve cryptography and inventor of the ECDSA algorithm. He passed away on March 2, 2014....

By

Nick Sullivan

TLS , HTTPS , Crypto , Elliptic Curves , RSA

February 14, 2014 1:00AM

Introducing Strict SSL: Protecting Against a On-Path Attack on Origin Traffic

At CloudFlare, we are always looking for ways to improve the security of our customers’ websites. One of the features we provide is the ability to serve their website encrypted over SSL/TLS....

By

Nick Sullivan

TLS , HTTPS , Crypto , Encryption , SSL

December 26, 2013 5:00PM

Using CloudFlare to mix domain sharding and SPDY

It’s common knowledge that domain sharding, where the resources in a web page are shared across different domains (or subdomains), is a good thing....

By

John Graham-Cumming

TLS , Google , Chrome , spdy , Speed & Reliability

November 21, 2013 9:00AM

Red October: CloudFlare’s Open Source Implementation of the Two-Man Rule

At CloudFlare, we are always looking for better ways to secure the data we’re entrusted with. This means hardening our system against outside threats such as hackers, but it also means protecting against insider threats....

By

Nick Sullivan

Crypto , Open Source , Encryption , RSA , GitHub

October 24, 2013 4:00AM

A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography

Elliptic Curve Cryptography (ECC) is one of the most powerful but least understood types of cryptography in wide use today. At CloudFlare, we make extensive use of ECC to secure everything from our customers' HTTPS connections to how we pass data between our data centers....

By

Nick Sullivan

HTTPS , Elliptic Curves , Crypto , Security

July 12, 2013 12:02AM

Staying on top of TLS attacks

CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a priority. We use TLS both externally and internally and different uses of TLS have different constraints....

By

John Graham-Cumming

TLS , RC4 , Attacks , Security

February 04, 2013 2:26PM

New "Lucky Thirteen" SSL Vulnerabilities: CloudFlare Users Protected

CloudFlare often gets early word of new vulnerabilities before they are released. Last week we got word that today (Monday, February 4, 2013) there would be a new SSL vulnerability announced....

By

Matthew Prince

TLS , SSL , Vulnerabilities , Security

December 11, 2012 5:24PM

What We Just Did to Make SSL Even Faster

A little over a month ago, we published a couple of blog posts about how we were making SSL faster. Specifically, we enabled OCSP stapling across our network....

By

Matthew Prince

OCSP , Speed & Reliability , HTTPS , SSL , Security

November 28, 2012 8:21PM

Choosing a Two-Factor Authentication System

We've been thinking about how to best implement two-factor authentication to better protect our customers' accounts for quite some time now. When, about 6 months ago, my account was targeted by hackers the importance of a good account security became clear....

By

Matthew Prince

Authy , 2FA , Product News , Security