2025-09-04
Unauthorized TLS certificates were issued for 1.1.1.1 by a Certification Authority without permission from Cloudflare. These rogue certificates have now been revoked....
Continue reading »
2025-02-07
Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different...
2024-11-07
NIST has standardized four post-quantum signature schemes so far, and they’re not done yet: there are fourteen new candidates in the running for standardization....
2024-09-25
Cloudflare's customers can now take advantage of Zstandard (zstd) compression, offering 42% faster compression than Brotli and 11.3% more efficiency than GZIP. We're further optimizing performance for our customers with HTTP/3 prioritization and BBR congestion control, and enhancing privacy through Encrypted Client Hello (ECH)....
2024-08-08
This new Automatic SSL/TLS setting will maximize and simplify the encryption modes Cloudflare uses to communicate with origin servers by using the SSL/TLS Recommender....
July 29, 2024 1:00 PM
Outages caused by certificate pinning is increasing. Learn why certificate pinning hasn’t kept up with modern standards and find alternatives to improve security while reducing management overhead...
April 12, 2024 1:00 PM
Let’s Encrypt’s cross-signed chain will be expiring in September. This will affect legacy devices with outdated trust stores (Android versions 7.1.1 or older). To prevent this change from impacting customers, Cloudflare will shift Let’s Encrypt certificates upon renewal to use a ...
March 14, 2024 2:00 PM
Let’s Encrypt’s cross-signed chain will be expiring. To prepare for, Cloudflare will issue certs from Let’s Encrypt’s ISRG X1 chain. This change impacts legacy devices with outdated trust stores....
September 04, 2023 1:00 PM
In this blog we’re going to take a closer look at “connection coalescing”, with specific focus on manage it at a large scale...
August 09, 2023 1:00 PM
Starting today, customers that use Cloudflare’s Advanced Certificate Manager can configure TLS settings on individual hostnames within a domain...
July 11, 2023 1:00 PM
API shield customers can now upload their own CA to use for client certificate validation. This ensures that only authorized clients and devices can make requests to your API endpoint or application. ...
April 03, 2023 1:00 PM
This blog post outlines the root cause analysis and solution for a bug found in Cloudflare’s mTLS implementation...
March 23, 2023 1:00 PM
Cloudflare will now allow customers that are managing DNS externally to auto-renew certificates through DCV Delegation...
March 13, 2023 1:00 PM
Mutual TLS is used to secure a range of network services and applications: APIs, web applications, microservices, databases and IoT devices. With mTLS support for Workers you can use Workers to authenticate to any service secured by mTLS directly!...
December 15, 2022 2:00 PM
We’re excited to announce a new version of Geo Key Manager — one that allows customers to define boundaries by country, by a region, or by a standard, such as “only store my private keys in FIPS compliant data centers” — now available in Closed Beta....
November 16, 2022 2:00 PM
We’re excited to announce that Workers will soon be able to send outbound requests through a mutually authenticated channel via mutual TLS authentication!...
October 06, 2022 6:00 PM
Today, we’re excited to announce Total TLS — a one-click feature that will issue individual TLS certificates for every subdomain in our customer’s domains...
August 04, 2022 1:00 PM
The future is post quantum. Enable post-quantum key agreement on your test zone today and get a headstart...
March 14, 2022 12:59 PM
We are excited to introduce backup certificates to increase reliability of our service for anyone using the Cloudflare platform in the event of key compromises or related issues...
November 08, 2021 3:39 PM
How much room does TLS have for the big post-quantum signatures? We had a look: it’s tight....
