Staging TLS Certificates: Make every deployment a safe deployment
October 06, 2021 12:56 PM
We are excited to announce that Enterprise customers now have the ability to test custom uploaded certificates in a staging environment before pushing them to production. ...
Heartbleed Revisited
March 27, 2021 1:00 PM
TLS key compromise is a risk for all web services. Taking lessons from Heartbleed, Cloudflare offers the latest features that make key compromise less of a risk....
KEMTLS: Post-quantum TLS without signatures
January 15, 2021 12:00 PM
The TLS 1.3 protocol has been around for quite some time, but it will be broken once quantum computers arrive. What can we do? In this blog post, we will examine a technique for achieving full post-quantum security for TLS 1.3 in the face of quantum computers: KEMTLS....
Helping build the next generation of privacy-preserving protocols
December 08, 2020 12:00 PM
Today, we’re making several announcements around improving Internet protocols with respect to something important to our customers and Internet users worldwide: privacy....
November 13, 2020 12:00 PM
Automated Origin CA for Kubernetes
Today we're releasing origin-ca-issuer, an extension to cert-manager integrating with Cloudflare Origin CA to easily create and renew certificates for your account's domains....
April 09, 2020 11:00 AM
Internship Experience: Cryptography Engineer
Back in the summer of 2017 I was an intern at Cloudflare. During the scholastic year I was a grad student working on automorphic forms and computational Langlands at Berkeley....
November 20, 2019 4:30 PM
Even faster connection establishment with QUIC 0-RTT resumption
One of the more interesting features introduced by TLS 1.3, the latest revision of the TLS protocol, was the so-called “zero roundtrip time connection resumption”, a mode of operation that allows a client to start sending application data, such as HTTP requests...
October 30, 2019 1:00 PM
The TLS Post-Quantum Experiment
In June, we announced a wide-scale post-quantum experiment with Google. We implemented two post-quantum (i.e., not yet known to be broken by quantum computers) key exchanges, integrated them into our TLS stack and deployed the implementation on our edge servers and in Chrome Cana...
June 20, 2019 1:01 PM
Towards Post-Quantum Cryptography in TLS
In anticipation of widespread quantum computing, the transition from classical public-key cryptography primitives to post-quantum (PQ) alternatives has started....
June 20, 2019 1:00 PM
Introducing CIRCL: An Advanced Cryptographic Library
Today we are proud to release the source code of a cryptographic library we’ve been working on: a collection of cryptographic primitives written in Go, called CIRCL. ...
June 18, 2019 1:00 PM
Securing Certificate Issuance using Multipath Domain Control Validation
Trust on the Internet is underpinned by the Public Key Infrastructure (PKI). PKI grants servers the ability to securely serve websites by issuing digital certificates, providing the foundation for encrypted and authentic communication. ...
February 05, 2019 4:00 PM
Cloudflare Support for Azure Customers
Cloudflare seeks to help its end customers use whichever public and private clouds best suit their needs. Towards that goal, we have been working to make sure our solutions work well with various public cloud providers including Microsoft’s Azure platform....
January 24, 2019 5:57 PM
HTTP/3: From root to tip
Explore HTTP/3 from root to tip and discover the backstory of this new HTTP syntax that works on top of the IETF QUIC transport....
January 23, 2019 9:13 AM
Tracing Soon-to-Expire Federal .gov Certificates with CT Monitors
As of December 22, 2018, parts of the US Government have “shut down” because of a lapse in appropriation. The shutdown has caused the furlough of employees across the government and has affected federal contracts. ...
December 21, 2018 4:00 PM
Encrypting DNS end-to-end
Over the past few months, we have been running a pilot with Facebook to test the feasibility of securing the connection between 1.1.1.1 and Facebook’s authoritative name servers. ...
November 29, 2018 9:54 AM
Know your SCM_RIGHTS
As TLS 1.3 was ratified earlier this year, I was recollecting how we got started with it here at Cloudflare. We made the decision to be early adopters of TLS 1.3 a little over two years ago. It was a very important decision, and we took it very seriously....
September 24, 2018 12:01 PM
Encrypt it or lose it: how encrypted SNI works
Today we announced support for encrypted SNI, an extension to the TLS 1.3 protocol that improves privacy of Internet users....
September 21, 2018 12:00 PM
Roughtime: Securing Time with Digital Signatures
When you visit a secure website, it offers you a TLS certificate that asserts its identity. Every certificate has an expiration date, and when it’s past due, it is no longer valid....