Zero Trust WARP: tunneling with a MASQUE
2024-03-06
This blog discusses the introduction of MASQUE to Zero Trust WARP and how Cloudflare One customers will benefit from this modern protocol...
Continue reading »
A cost-effective and extensible testbed for transport protocol development
2020-01-14
At Cloudflare, we develop protocols at multiple layers of the network stack. In the past, we focused on HTTP/1.1, HTTP/2, and TLS 1.3. Now, we are working on QUIC and HTTP/3, which are still in IETF draft, but gaining a lot of interest....
Know your SCM_RIGHTS
2018-11-29
As TLS 1.3 was ratified earlier this year, I was recollecting how we got started with it here at Cloudflare. We made the decision to be early adopters of TLS 1.3 a little over two years ago. It was a very important decision, and we took it very seriously....
Encrypt that SNI: Firefox edition
2018-10-18
A couple of weeks ago we announced support for the encrypted Server Name Indication (SNI) TLS extension (ESNI for short). As promised, our friends at Mozilla landed support for ESNI in Firefox Nightl. ...
Encrypt it or lose it: how encrypted SNI works
2018-09-24
Today we announced support for encrypted SNI, an extension to the TLS 1.3 protocol that improves privacy of Internet users....
MORE POSTS
August 10, 2018 11:00 PM
A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)
TLS 1.3 (RFC 8446) was published today. This article provides a deep dive into the changes introduced in TLS 1.3 and its impact on the future of internet security....
- By
May 16, 2018 5:28 PM
You get TLS 1.3! You get TLS 1.3! Everyone gets TLS 1.3!
It's no secret that Cloudflare has been a big proponent of TLS 1.3, the newest edition of the TLS protocol that improves both speed and security, since we have made it available to our customers starting in 2016. ...
- By
December 26, 2017 8:30 PM
Why TLS 1.3 isn't in browsers yet
Upgrading a security protocol in an ecosystem as complex as the Internet is difficult. You need to update clients and servers and make sure everything in between continues to work correctly. The Internet is in the middle of such an upgrade right now. ...
- By
December 24, 2017 4:57 PM
TLS 1.3 is going to save us all, and other reasons why IoT is still insecure
As I’m writing this, four DDoS attacks are ongoing and being automatically mitigated by Gatebot. Cloudflare’s job is to get attacked. Our network gets attacked constantly....
- By
December 07, 2017 2:00 PM
CAA of the Wild: Supporting a New Standard
One thing we take pride in at Cloudflare is embracing new protocols and standards that help make the Internet faster and safer. Sometimes this means that we’ll launch support for experimental features or standards still under active development, as we did with TLS 1.3....
- By
December 06, 2017 2:00 PM
Make SSL boring again
It may (or may not!) come as surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google's crypto and SSL implementation that started as a fork of OpenSSL....
- By
September 01, 2017 8:48 PM
SIDH in Go for quantum-resistant TLS 1.3
Most of today's cryptography is designed to be secure against an adversary with enormous amounts of computational power. This means estimating how much work certain computations require, and choosing cryptographic parameters based on our best estimates....
- By
March 15, 2017 2:00 PM
Introducing Zero Round Trip Time Resumption (0-RTT)
Cloudflare’s mission is to help build a faster and more secure Internet. Over the last several years, the Internet Engineering Task Force (IETF) has been working on a new version of TLS, the protocol that powers the secure web....
- By
February 15, 2017 12:49 AM
NCC Group's Cryptography Services audits our Go TLS 1.3 stack
The Cloudflare TLS 1.3 beta is run by a Go implementation of the protocol based on the Go standard library, crypto/tls. ...
- By
February 01, 2017 2:57 PM
TLS 1.3 explained by the Cloudflare Crypto Team at 33c3
Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more that 13,000 hackers in Hamburg, has been one of the hallmark events of the security community for more than 30 years....
- By
November 02, 2016 11:45 PM
Cloudflare Crypto Meetup #4: November 22
Come join us on Cloudflare HQ in San Francisco on Tuesday, November 22 for another cryptography meetup. We had such a great time at the last one, we decided to host another....
- By
October 12, 2016 3:05 PM
TLS nonce-nse
One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that two messages that have identical plaintext will also have identical ciphertext, which is a dangerous leak. ...
- By
September 23, 2016 4:01 PM
An overview of TLS 1.3 and Q&A
The CloudFlare London office hosts weekly internal Tech Talks (with free lunch picked by the speaker). My recent one was an explanation of the latest version of TLS, 1.3, how it works and why it's faster and safer....
- By
September 21, 2016 3:51 PM
Opportunistic Encryption: Bringing HTTP/2 to the unencrypted web
Encrypting the web is not an easy task. Various complexities prevent websites from migrating from HTTP to HTTPS, including mixed content, which can prevent sites from functioning with HTTPS. ...
- By
September 20, 2016 1:04 PM
Introducing TLS 1.3
The encrypted Internet is about to become a whole lot snappier. When it comes to browsing, we’ve been driving around in a beat-up car from the 90s for a while. Little does anyone know, we’re all about to trade in our station wagons for a smoking new sports car. ...
- By