April 17, 2014 1:44AM
The Heartbleed Aftermath: all CloudFlare certificates revoked and reissued
TLS
HTTPS
Crypto
OpenSSL
Heartbleed
Vulnerabilities
Security
Eleven days ago the Heartbleed vulnerability was publicly announced. Last Friday, we issued the CloudFlare Challenge: Heartbleed and simultaneously started the process of revoking and reissuing all the SSL certificates....
April 12, 2014 10:52AM
Certificate Revocation and Heartbleed
Heartbleed
HTTPS
Reliability
SSL
Community
Vulnerabilities
Security
As you may have noticed, the CloudFlare Heartbleed Challenge has been solved. The private key for the site cloudflarechallenge.com has been obtained by several authorized attackers via the Heartbleed exploit....
April 07, 2014 10:00AM
Staying ahead of OpenSSL vulnerabilities
TLS
Bugs
OpenSSL
Vulnerabilities
Reliability
Security
SSL
Today a new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kB of memory to a connected client or server (CVE-2014-0160). We fixed this vulnerability last week before it was made public....
March 11, 2014 5:00PM
The Web's Silver Jubilee
History
spdy
TLS
SSL
Security
No matter what your age, it's hard to believe that the World-Wide Web is 25 today. For the young the web has always been part of their lives, for the older it seems like it was invented only yesterday....
March 10, 2014 4:30PM
ECDSA: The digital signature algorithm of a better internet
TLS
HTTPS
Crypto
Elliptic Curves
RSA
Security
This blog post is dedicated to the memory of Dr. Scott Vanstone, popularizer of elliptic curve cryptography and inventor of the ECDSA algorithm. He passed away on March 2, 2014....
February 14, 2014 1:00AM
Introducing Strict SSL: Protecting Against a On-Path Attack on Origin Traffic
At CloudFlare, we are always looking for ways to improve the security of our customers’ websites. One of the features we provide is the ability to serve their website encrypted over SSL/TLS....