Subscribe to receive notifications of new posts:

Taming BEAST: Faster, Safer SSL now on CloudFlare

2012-06-01

1 min read
Taming BEAST: Faster, Safer SSL now on
CloudFlare

For some time, the vast majority of the web has been vulnerable to the so-called BEAST SSL attack. The attack was first demonstrated in 2011, and more than 90% of the Internet including large sites like Google.com remain vulnerable to their SSL sessions being decrypted. But, as of today, anyone with CloudFlare account with SSL need no longer fear the BEAST.

The solution to BEAST is implementing TLS 1.1 and 1.2 as well as prioritizing the RC4 cypher suites. We just rolled out support for these across our network. Along with this, we've looked over the SSL cyphers we support. We've added some additional stronger cyphers, removed some of the weakest cyphers, and prioritized them to optimize both security and SSL performance.

Faster & More Secure

This is one of those great updates where we can report that security has improved and performance is also faster. In fact, this update makes our overall SSL performance about 30% faster. Sites behind CloudFlare now receive a 90 (A) score from SSLLabs. That's higher than the scores achieved by sites like Google.com and Facebook.com, and the highest score we think we can get without sacrificing performance. If you have SSL enabled, you can test yours yourself.

All paid CloudFlare plans include SSL by default. If you don't yet have SSL, upgrade to a paid plan today to make sure all the visitors to your site can surf on a secure, encrypted connection. It's now not only the easiest SSL on the web, but also among the fastest and the safest.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
TLSSecuritySSLProduct News

Follow on X

Matthew Prince|@eastdakota
Cloudflare|@cloudflare

Related posts

October 24, 2024 1:00 PM

Durable Objects aren't just durable, they're fast: a 10x speedup for Cloudflare Queues

Learn how we built Cloudflare Queues using our own Developer Platform and how it evolved to a geographically-distributed, horizontally-scalable architecture built on Durable Objects. Our new architecture supports over 10x more throughput and over 3x lower latency compared to the previous version....

October 08, 2024 1:00 PM

Cloudflare acquires Kivera to add simple, preventive cloud security to Cloudflare One

The acquisition and integration of Kivera broadens the scope of Cloudflare’s SASE platform beyond just apps, incorporating increased cloud security through proactive configuration management of cloud services. ...

October 06, 2024 11:00 PM

Enhance your website's security with Cloudflare’s free security.txt generator

Introducing Cloudflare’s free security.txt generator, empowering all users to easily create and manage their security.txt files. This feature enhances vulnerability disclosure processes, aligns with industry standards, and is integrated into the dashboard for seamless access. Strengthen your website's security today!...

October 02, 2024 1:00 PM

How Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack

Over the past couple of weeks, Cloudflare's DDoS protection systems have automatically and successfully mitigated multiple hyper-volumetric L3/4 DDoS attacks exceeding 3 billion packets per second (Bpps). Our systems also automatically mitigated multiple attacks exceeding 3 terabits per second (Tbps), with the largest ones exceeding 3.65 Tbps. The scale of these attacks is unprecedented....