Taming BEAST: Faster, Safer SSL now on

For some time, the vast majority of the web has been vulnerable to the so-called BEAST SSL attack. The attack was first demonstrated in 2011, and more than 90% of the Internet including large sites like Google.com remain vulnerable to their SSL sessions being decrypted. But, as of today, anyone with CloudFlare account with SSL need no longer fear the BEAST.

The solution to BEAST is implementing TLS 1.1 and 1.2 as well as prioritizing the RC4 cypher suites. We just rolled out support for these across our network. Along with this, we've looked over the SSL cyphers we support. We've added some additional stronger cyphers, removed some of the weakest cyphers, and prioritized them to optimize both security and SSL performance.

Faster & More Secure

This is one of those great updates where we can report that security has improved and performance is also faster. In fact, this update makes our overall SSL performance about 30% faster. Sites behind CloudFlare now receive a 90 (A) score from SSLLabs. That's higher than the scores achieved by sites like Google.com and Facebook.com, and the highest score we think we can get without sacrificing performance. If you have SSL enabled, you can test yours yourself.

All paid CloudFlare plans include SSL by default. If you don't yet have SSL, upgrade to a paid plan today to make sure all the visitors to your site can surf on a secure, encrypted connection. It's now not only the easiest SSL on the web, but also among the fastest and the safest.