Enforce Web Policy with HTTP Strict Transport Security (HSTS)
February 26, 2015 1:25 AM
HTTP Strict Transport Security (HSTS, RFC 6797) is a web security policy technology designed to help secure HTTPS web servers against downgrade attacks....
Universal SSL: Encryption all the way to the origin, for free
February 24, 2015 8:15 PM
Last September, CloudFlare unveiled Universal SSL, enabling HTTPS support for all sites by default. All sites using CloudFlare now support strong cryptography from the browser to CloudFlare’s servers....
TLS Session Resumption: Full-speed and Secure
February 24, 2015 2:20 PM
At CloudFlare, making web sites faster and safer at scale is always a driving force for innovation. We introduced “Universal SSL” to dramatically increase the size of the encrypted web....
Do the ChaCha: better mobile performance with cryptography
February 23, 2015 8:22 PM
CloudFlare is always trying to improve customer experience by adopting the latest and best web technologies so that our customers (and their visitors) have a fast and a secure web browsing experience....
End of the road for RC4
February 23, 2015 6:51 PM
Today, we completely disabled the RC4 encryption algorithm for all SSL/TLS connections to CloudFlare sites. It's no longer possible to connect to any site that uses CloudFlare using RC4....
MORE POSTS
January 21, 2015 9:47 PM
Flexible SSL & Wordpress: Fixing “Mixed Content” Errors
As many are aware, CloudFlare launched Universal SSL several months ago. We saw lots of customers sign up and start using these new, free SSL certificates. For many customers that didn’t already have an SSL certificate, they were able to use “Flexible SSL”....
- By
December 22, 2014 9:08 PM
Kyoto Tycoon Secure Replication
Kyoto Tycoon is a distributed key-value store written by FAL Labs, and it is used extensively at CloudFlare. Like many popular key-value stores, Kyoto Tycoon uses timestamp-based replication to ensure eventual consistency and guarantee ordering....
- By
November 10, 2014 11:28 PM
CloudFlare and SHA-1 Certificates
At CloudFlare, we’re dedicated to ensuring sites are not only secure, but also available to the widest audience. In the coming months, both Google’s Chrome browser and Mozilla’s Firefox browser are changing their policy with respect to certain web site certificates....
- By
October 14, 2014 9:37 PM
SSLv3 Support Disabled By Default Due to POODLE Vulnerability
For the last week we've been tracking rumors about a new vulnerability in SSL. This specific vulnerability, which was just announced, targets SSLv3. ...
- By
October 07, 2014 10:39 AM
DNSSEC: An Introduction
At CloudFlare our mission is to help build a better Internet. Part of this effort includes making web sites faster, more reliable, and more trustworthy....
- By
October 06, 2014 9:35 PM
The little extra that comes with Universal SSL
Last Monday we announced our SSL for Free plan users called Universal SSL. Universal SSL means that any site running on CloudFlare gets a free SSL certificate, and is automatically secured over HTTPS....
- By
October 01, 2014 10:57 PM
Universal SSL: How It Scales
On Monday, we announced Universal SSL, enabling HTTPS for all websites using CloudFlare’s Free plan. Universal SSL represents a massive increase in the number of sites we serve over HTTPS—from tens of thousands, to millions....
- By
September 30, 2014 5:27 AM
Universal SSL: Be just a bit more patient
It turns out it takes a while to deploy SSL certificates for 2 million websites. :-) Even longer when you get a flood of new sign ups. While we'd hoped to have the deployment complete within 24 hours of the announcement, it now looks like it's going to take a bit longer....
- By
September 29, 2014 11:14 PM
Origin Server Connection Security with Universal SSL
Earlier today, CloudFlare enabled Universal SSL: HTTPS support for all sites by default. Universal SSL provides state-of-the-art encryption between browsers and CloudFlare’s edge servers keeping web traffic private and secure from tampering....
- By
September 29, 2014 9:56 AM
Introducing Universal SSL
The team at CloudFlare is excited to announce the release of Universal SSL™. Beginning today, we will support SSL connections to every CloudFlare customer, including the 2 million sites that have signed up for the free version of our service....
- By
September 19, 2014 8:53 AM
Keyless SSL: The Nitty Gritty Technical Details
We announced Keyless SSL yesterday to an overwhelmingly positive response. We read through the comments on this blog, Reddit, Hacker News, and people seem interested in knowing more and getting deeper into the technical details....
- By
August 06, 2014 2:00 PM
Google Now Factoring HTTPS Support Into Ranking; CloudFlare On Track to Make it Free and Easy
As of today, there are only about 2 million websites that support HTTPS. That's a shamefully low number. Two things are about to happen that we at CloudFlare are hopeful will begin to change that and make everyone love locks (at least on the web!)....
- By
July 10, 2014 4:00 AM
Introducing CFSSL - CloudFlare's PKI toolkit
Today we’re proud to introduce CFSSL—our open source toolkit for everything TLS/SSL. CFSSL is used internally by CloudFlare for bundling TLS/SSL certificates chains, and for our internal Certificate Authority infrastructure....
- By
May 19, 2014 2:00 PM
The Web is World-Wide, or who still needs RC4?
Two weeks ago we changed our TLS configuration to deprioritize the RC4 encryption method because it is widely thought to be vulnerable to attack. At the time we had an internal debate about turning off RC4 altogether, but statistics showed that we couldn't....
- By