Subscribe to receive notifications of new posts:

Taming BEAST: Faster, Safer SSL now on CloudFlare

06/01/2012

2 min read

Taming BEAST: Faster, Safer SSL now on
CloudFlare

For some time, the vast majority of the web has been vulnerable to the so-called BEAST SSL attack. The attack was first demonstrated in 2011, and more than 90% of the Internet including large sites like Google.com remain vulnerable to their SSL sessions being decrypted. But, as of today, anyone with CloudFlare account with SSL need no longer fear the BEAST.

The solution to BEAST is implementing TLS 1.1 and 1.2 as well as prioritizing the RC4 cypher suites. We just rolled out support for these across our network. Along with this, we've looked over the SSL cyphers we support. We've added some additional stronger cyphers, removed some of the weakest cyphers, and prioritized them to optimize both security and SSL performance.

Faster & More Secure

This is one of those great updates where we can report that security has improved and performance is also faster. In fact, this update makes our overall SSL performance about 30% faster. Sites behind CloudFlare now receive a 90 (A) score from SSLLabs. That's higher than the scores achieved by sites like Google.com and Facebook.com, and the highest score we think we can get without sacrificing performance. If you have SSL enabled, you can test yours yourself.

All paid CloudFlare plans include SSL by default. If you don't yet have SSL, upgrade to a paid plan today to make sure all the visitors to your site can surf on a secure, encrypted connection. It's now not only the easiest SSL on the web, but also among the fastest and the safest.

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
TLSSecuritySSLProduct News

Follow on X

Matthew Prince|@eastdakota
Cloudflare|@cloudflare

Related posts

May 30, 2024 12:12 PM

Cloudflare acquires BastionZero to extend Zero Trust access to IT infrastructure

We’re excited to announce that BastionZero, a Zero Trust infrastructure access platform, has joined Cloudflare. This acquisition extends our Zero Trust Network Access (ZTNA) flows with native access management for infrastructure like servers, Kubernetes clusters, and databases...

April 12, 2024 1:00 PM

How we ensure Cloudflare customers aren't affected by Let's Encrypt's certificate chain change

Let’s Encrypt’s cross-signed chain will be expiring in September. This will affect legacy devices with outdated trust stores (Android versions 7.1.1 or older). To prevent this change from impacting customers, Cloudflare will shift Let’s Encrypt certificates upon renewal to use a different CA...