2024-11-07
NIST has standardized four post-quantum signature schemes so far, and they’re not done yet: there are fourteen new candidates in the running for standardization. In this blog post we take measure of them and discover why we ended up with so many PQ signatures....
Continue reading »
2024-09-25
Cloudflare's customers can now take advantage of Zstandard (zstd) compression, offering 42% faster compression than Brotli and 11.3% more efficiency than GZIP. We're further optimizing performance for our customers with HTTP/3 prioritization and BBR congestion control, and enhancing privacy through Encrypted Client Hello (ECH)....
2024-08-08
This new Automatic SSL/TLS setting will maximize and simplify the encryption modes Cloudflare uses to communicate with origin servers by using the SSL/TLS Recommender....
2024-07-29
The number of outages caused by certificate pinning is increasing. We’ll explore why certificate pinning hasn’t kept up with modern standards and recommend alternatives to improve security while reducing management overhead...
2024-04-12
Let’s Encrypt’s cross-signed chain will be expiring in September. This will affect legacy devices with outdated trust stores (Android versions 7.1.1 or older). To prevent this change from impacting customers, Cloudflare will shift Let’s Encrypt certificates upon renewal to use a different CA...
March 14, 2024 2:00 PM
Let’s Encrypt’s cross-signed chain will be expiring in September. To prepare for the change, after May 15th, 2024, Cloudflare will start issuing certs from Let’s Encrypt’s ISRG X1 chain. This change will impact legacy devices with outdated trust stores (Android versions 7.1.1 or ...
September 04, 2023 1:00 PM
In this blog we’re going to take a closer look at “connection coalescing”, with specific focus on manage it at a large scale...
August 09, 2023 1:00 PM
Starting today, customers that use Cloudflare’s Advanced Certificate Manager can configure TLS settings on individual hostnames within a domain...
July 11, 2023 1:00 PM
API shield customers can now upload their own CA to use for client certificate validation. This ensures that only authorized clients and devices can make requests to your API endpoint or application. ...
April 03, 2023 1:00 PM
This blog post outlines the root cause analysis and solution for a bug found in Cloudflare’s mTLS implementation...
March 23, 2023 1:00 PM
Cloudflare will now allow customers that are managing DNS externally to auto-renew certificates through DCV Delegation...
March 13, 2023 1:00 PM
Mutual TLS is used to secure a range of network services and applications: APIs, web applications, microservices, databases and IoT devices. With mTLS support for Workers you can use Workers to authenticate to any service secured by mTLS directly!...
December 15, 2022 2:00 PM
We’re excited to announce a new version of Geo Key Manager — one that allows customers to define boundaries by country, by a region, or by a standard, such as “only store my private keys in FIPS compliant data centers” — now available in Closed Beta....
November 16, 2022 2:00 PM
We’re excited to announce that Workers will soon be able to send outbound requests through a mutually authenticated channel via mutual TLS authentication!...
October 06, 2022 6:00 PM
Today, we’re excited to announce Total TLS — a one-click feature that will issue individual TLS certificates for every subdomain in our customer’s domains...
August 04, 2022 1:00 PM
The future is post quantum. Enable post-quantum key agreement on your test zone today and get a headstart...
March 14, 2022 12:59 PM
We are excited to introduce backup certificates to increase reliability of our service for anyone using the Cloudflare platform in the event of key compromises or related issues...
November 08, 2021 3:39 PM
How much room does TLS have for the big post-quantum signatures? We had a look: it’s tight....
October 22, 2021 3:31 PM
We are very excited to announce that Cloudflare for SaaS is generally available, so that every customer, big and small, can use Cloudflare for SaaS to continue scaling and building their SaaS business. ...
October 13, 2021 12:59 PM
Learn more about Exported Authenticators, a new extension to TLS, currently going through the IETF standardisation process....
