The Cloudflare Blog

Subscribe to receive notifications of new posts:

New OpenSSL vulnerabilities: CloudFlare systems patched

2014-06-05

John Graham-Cumming

1 min read

The OpenSSL team announced seven vulnerabilities covering OpenSSL 0.9.8, 1.0.0, 1.0.1 and 1.0.2 (i.e. all versions) earlier today.

[

](http://ccsinjection.lepidum.co.jp/)

The most serious of these is a potential on-path attack CVE-2014-0224 which is being referred to as CCS Injection. Both Google's Adam Langley and the original reporter of the problem have write ups that give more technical detail.

We have applied the required patch to all CloudFlare servers and customers are protected against CVE-2014-0224 and all the other vulnerabilities announced today.

Everyone who uses OpenSSL in their software or on their server should upgrade as soon as possible; the OpenSSL team has released new versions today.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

OpenSSL Vulnerabilities Reliability SSL

Follow on X

Cloudflare|@cloudflare

October 09, 2024 1:00 PM

Improving platform resilience at Cloudflare through automation

We realized that we need a way to automatically heal our platform from an operations perspective, and designed and built a workflow orchestration platform to provide these self-healing capabilities across our global network. We explore how this has helped us to reduce the impact on our customers due to operational issues, and the rich variety of similar problems it has empowered us to solve....

Opeyemi Onikute

Edge, Engineering, Serverless, Developer Platform, Developers, Agile Developer Services, Go, Reliability, Speed & Reliability

September 19, 2024 2:00 PM

How Cloudflare is helping domain owners with the upcoming Entrust CA distrust by Chrome and Mozilla

Chrome and Mozilla will stop trusting Entrust’s public TLS certificates issued after November 2024 due to concerns about Entrust’s compliance with security standards. In response, Entrust is partnering with SSL.com to continue providing trusted certificates. Cloudflare will support SSL.com as a CA, simplifying certificate management for customers using Entrust by automating issuance and renewals....

Dina Kozlov

SSL, SaaS, Certificate Authority, Advanced Certificate Manager, Application Services, Application Security

August 08, 2024 2:05 PM

Introducing Automatic SSL/TLS: securing and simplifying origin connectivity

This new Automatic SSL/TLS setting will maximize and simplify the encryption modes Cloudflare uses to communicate with origin servers by using the SSL/TLS Recommender....

SSL, TLS, Network Services, Encryption, Research

July 29, 2024 1:00 PM

Avoiding downtime: modern alternatives to outdated certificate pinning practices

The number of outages caused by certificate pinning is increasing. We’ll explore why certificate pinning hasn’t kept up with modern standards and recommend alternatives to improve security while reducing management overhead...

Dina Kozlov

Security, Network Services, Certificate Pinning, TLS, SSL, Certificate Transparency