New for Virtual DNS Customers: Self-Service Dashboard and APIs, and Two New Features
2016-04-13
Today we're launching two new features and a brand new dashboard and API for Virtual DNS. Virtual DNS is CloudFlare’s DNS proxy that sits in front of some of the largest hosting providers in the world, shielding their DNS infrastructure from attacks....
What happened next: the deprecation of ANY
2016-04-13
Almost a year ago, we announced that we were going to stop answering DNS ANY queries. We were prompted by a number of factors: The lack of legitimate ANY use. The abundance of malicious ANY use. The constant use of ANY queries in large DNS amplification DDoS attacks....
Taipei: CloudFlare’s 77th Data Center is Now Live
2016-04-11
We are excited to announce the launch of our Taipei data center, which is our 28th data center in Asia, and our 77th data center globally. Millions of websites which were previously served from Hong Kong are now served locally from Taipei....
The curious case of slow downloads
2016-04-11
Some time ago we discovered that certain very slow downloads were getting abruptly terminated and began investigating whether that was a client (i.e. web browser) or server (i.e. us) problem....
CloudFlare Crypto Meetup: April 21, 2016
2016-04-08
Now back in HD: the CloudFlare Cryptography Meetup series. A while back, CloudFlare hosted a pair of Meetups focused on encryption and cryptographic technology. ...
The revenge of the listening sockets
2016-04-05
Back in November we wrote a blog post about one latency spike. Today I'd like to share a continuation of that story. As it turns out, the misconfigured rmem setting wasn't the only source of added latency. It looked like Mr Wolf hadn't finished his job....
It takes two to ChaCha (Poly)
2016-04-04
Not long ago we introduced support for TLS cipher suites based on the ChaCha20-Poly1305 AEAD, for all our customers. Back then those cipher suites were only supported by the Chrome browser and Google's websites, but were in the process of standardization. ...
Come Geek Out With The Original Inventor of DNS at CloudFlare
2016-04-01
We like DNS, we think you might too. CloudFlare and Gandi are hosting a three-part series on DNS. Our first event will be at the CloudFlare office with Paul Mockapetris, the original inventor of the Domain Name System....
Introducing CFSSL 1.2
2016-03-31
Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t written much about CFSSL here since we originally open sourced the project in 2014, so we thought we’d provide an update....
The Trouble with Tor
2016-03-30
The Tor Project makes a browser that allows anyone to surf the Internet anonymously. Tor stands for "the onion router" and that describes how the service works. Traffic is routed through a number of relays where each relay only knows the next hop, not the ultimate destination....
Going to IETF 95? Join the TLS 1.3 hackathon
2016-03-28
If you’re in Buenos Aires on April 2-3 and are interested in building, come join the IETF Hackathon. CloudFlare and Mozilla will be working on TLS 1.3, the first new version of TLS in eight years!...
TLS Certificate Optimization: The Technical Details behind "No Browser Left Behind"
2016-03-23
Back in early December we announced our "no browser left behind" initiative to the world. Since then, we have served well over 500 billion SHA-1 certificates to visitors that otherwise would not have been able to communicate securely with our customers’ sites using HTTPS....
A Deep Dive Into DNS Packet Sizes: Why Smaller Packet Sizes Keep The Internet Safe
2016-03-04
One way that attackers DDoS websites is by repeatedly doing DNS lookups that have small queries, but large answers. The attackers spoof their IP address so that the DNS answers are sent to the server they are attacking, this is called a reflection attack....
400Gbps: Winter of Whopping Weekend DDoS Attacks
2016-03-03
Over the last month, we’ve been watching some of the largest distributed denial of service (DDoS) attacks ever seen unfold. As CloudFlare has grown we've brought on line systems capable of absorbing and accurately measuring attacks....
Staying afloat: the DROWN Attack and CloudFlare
2016-03-01
CloudFlare customers are automatically protected against the recently disclosed DROWN Attack. We do not have SSLv2 enabled on our servers....
A tale of a DNS exploit: CVE-2015-7547
2016-02-29
A buffer overflow error in GNU libc DNS stub resolver code was announced last week as CVE-2015-7547. While it doesn't have any nickname yet (last year's Ghost was more catchy), it is potentially disastrous....
Introducing CloudFlare Registrar: Designed for Security, Not the Masses
2016-02-24
At CloudFlare, we’ve constructed one of the world’s largest networks purpose-built to protect our customers from a wide range of attacks. ...
We're hosting a Null Singapore meetup!
2016-02-19
We're happy to announce that next week CloudFlare is hosting the Null Security meetup in Singapore. You are invited!...
Padding oracles and the decline of CBC-mode cipher suites
2016-02-12
At CloudFlare, we’re committed to making sure the encrypted web is available to everyone, even those with older browsers. At the same time, we want to make sure that as many people as possible are using the most modern and secure encryption available to them. ...