The curious case of slow downloads
2016-04-11
Some time ago we discovered that certain very slow downloads were getting abruptly terminated and began investigating whether that was a client (i.e. web browser) or server (i.e. us) problem....
CloudFlare Crypto Meetup: April 21, 2016
2016-04-08
Now back in HD: the CloudFlare Cryptography Meetup series. A while back, CloudFlare hosted a pair of Meetups focused on encryption and cryptographic technology. ...
The revenge of the listening sockets
2016-04-05
Back in November we wrote a blog post about one latency spike. Today I'd like to share a continuation of that story. As it turns out, the misconfigured rmem setting wasn't the only source of added latency. It looked like Mr Wolf hadn't finished his job....
It takes two to ChaCha (Poly)
2016-04-04
Not long ago we introduced support for TLS cipher suites based on the ChaCha20-Poly1305 AEAD, for all our customers. Back then those cipher suites were only supported by the Chrome browser and Google's websites, but were in the process of standardization. ...
Come Geek Out With The Original Inventor of DNS at CloudFlare
2016-04-01
We like DNS, we think you might too. CloudFlare and Gandi are hosting a three-part series on DNS. Our first event will be at the CloudFlare office with Paul Mockapetris, the original inventor of the Domain Name System....
Introducing CFSSL 1.2
2016-03-31
Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t written much about CFSSL here since we originally open sourced the project in 2014, so we thought we’d provide an update....
The Trouble with Tor
2016-03-30
The Tor Project makes a browser that allows anyone to surf the Internet anonymously. Tor stands for "the onion router" and that describes how the service works. Traffic is routed through a number of relays where each relay only knows the next hop, not the ultimate destination....
Going to IETF 95? Join the TLS 1.3 hackathon
2016-03-28
If you’re in Buenos Aires on April 2-3 and are interested in building, come join the IETF Hackathon. CloudFlare and Mozilla will be working on TLS 1.3, the first new version of TLS in eight years!...
TLS Certificate Optimization: The Technical Details behind "No Browser Left Behind"
2016-03-23
Back in early December we announced our "no browser left behind" initiative to the world. Since then, we have served well over 500 billion SHA-1 certificates to visitors that otherwise would not have been able to communicate securely with our customers’ sites using HTTPS....
A Deep Dive Into DNS Packet Sizes: Why Smaller Packet Sizes Keep The Internet Safe
2016-03-04
One way that attackers DDoS websites is by repeatedly doing DNS lookups that have small queries, but large answers. The attackers spoof their IP address so that the DNS answers are sent to the server they are attacking, this is called a reflection attack....
400Gbps: Winter of Whopping Weekend DDoS Attacks
2016-03-03
Over the last month, we’ve been watching some of the largest distributed denial of service (DDoS) attacks ever seen unfold. As CloudFlare has grown we've brought on line systems capable of absorbing and accurately measuring attacks....
Staying afloat: the DROWN Attack and CloudFlare
2016-03-01
CloudFlare customers are automatically protected against the recently disclosed DROWN Attack. We do not have SSLv2 enabled on our servers....
A tale of a DNS exploit: CVE-2015-7547
2016-02-29
A buffer overflow error in GNU libc DNS stub resolver code was announced last week as CVE-2015-7547. While it doesn't have any nickname yet (last year's Ghost was more catchy), it is potentially disastrous....
Introducing CloudFlare Registrar: Designed for Security, Not the Masses
2016-02-24
At CloudFlare, we’ve constructed one of the world’s largest networks purpose-built to protect our customers from a wide range of attacks. ...
We're hosting a Null Singapore meetup!
2016-02-19
We're happy to announce that next week CloudFlare is hosting the Null Security meetup in Singapore. You are invited!...
Padding oracles and the decline of CBC-mode cipher suites
2016-02-12
At CloudFlare, we’re committed to making sure the encrypted web is available to everyone, even those with older browsers. At the same time, we want to make sure that as many people as possible are using the most modern and secure encryption available to them. ...
Change the (S)Channel! Deconstructing the Microsoft TLS Session Resumption bug
2016-02-11
Several months ago we started hearing occasional reports from .NET developers that they were having trouble maintaining HTTPS sessions with one of our customer’s websites. ...
CloudFlare’s Impact On The HTTP/2 “Universe”
2016-02-03
CloudFlare released HTTP/2 support for all customers on December 3rd, 2015. Now, two months later, it's time to take a look at the impact of this release on the HTTP/2 "universe"....
Advanced Technical "Hacks" for your site's SEO
2016-01-25
Improving your site’s SEO is probably top of mind for you, but doing so takes a lot of hard work and the rules of the game are constantly changing....
CloudFlare launches new data centers in Oslo and Minneapolis
2016-01-22
Four thousand miles (6,400 kilometers) separate CloudFlare’s latest two data centers: Oslo (#75) and Minneapolis (#76)....
