An introduction to JavaScript-based DDoS
April 30, 2015
CloudFlare protects millions of websites from online threats. One of the oldest and most pervasive attacks launched against websites is the Distributed Denial of Service (DDoS) attack....
Introducing Multi-User Organizations: Share An Account Without Sharing A Login
April 29, 2015
An enterprise needs security and controls around access. Your web developer needs to update your website’s logo and make sure it’s live immediately, but doesn’t need access to your SSL keys. ...
Contributing back to the security community
April 21, 2015
This Friday at the RSA Conference in San Francisco, along with Marc Rogers, Principal Security Researcher at CloudFlare, I'm speaking about a version of The Grugq's PORTAL, an open source network security device designed to make life easier and safer....
Protecting web origins with Authenticated Origin Pulls
February 27, 2015
As we have been discussing this week, securing the connection between CloudFlare and the origin server is arguably just as important as securing the connection between end users and CloudFlare. ...
Enforce Web Policy with HTTP Strict Transport Security (HSTS)
February 26, 2015
HTTP Strict Transport Security (HSTS, RFC 6797) is a web security policy technology designed to help secure HTTPS web servers against downgrade attacks....
MORE POSTS
February 24, 2015
TLS Session Resumption: Full-speed and Secure
At CloudFlare, making web sites faster and safer at scale is always a driving force for innovation. We introduced “Universal SSL” to dramatically increase the size of the encrypted web....
- By
February 23, 2015
Do the ChaCha: better mobile performance with cryptography
CloudFlare is always trying to improve customer experience by adopting the latest and best web technologies so that our customers (and their visitors) have a fast and a secure web browsing experience....
- By
February 23, 2015
End of the road for RC4
Today, we completely disabled the RC4 encryption algorithm for all SSL/TLS connections to CloudFlare sites. It's no longer possible to connect to any site that uses CloudFlare using RC4....
- By
February 23, 2015
SSL Week Means Less Weak SSL
I'm excited to announce that today kicks off SSL Week at CloudFlare. Over the course of this week, we'll make a series of announcements on what we're doing to improve encryption on the Internet....
- By
January 21, 2015
Flexible SSL & Wordpress: Fixing “Mixed Content” Errors
As many are aware, CloudFlare launched Universal SSL several months ago. We saw lots of customers sign up and start using these new, free SSL certificates. For many customers that didn’t already have an SSL certificate, they were able to use “Flexible SSL”....
- By
December 22, 2014
Kyoto Tycoon Secure Replication
Kyoto Tycoon is a distributed key-value store written by FAL Labs, and it is used extensively at CloudFlare. Like many popular key-value stores, Kyoto Tycoon uses timestamp-based replication to ensure eventual consistency and guarantee ordering....
- By
November 10, 2014
CloudFlare and SHA-1 Certificates
At CloudFlare, we’re dedicated to ensuring sites are not only secure, but also available to the widest audience. In the coming months, both Google’s Chrome browser and Mozilla’s Firefox browser are changing their policy with respect to certain web site certificates....
- By
October 14, 2014
SSLv3 Support Disabled By Default Due to POODLE Vulnerability
For the last week we've been tracking rumors about a new vulnerability in SSL. This specific vulnerability, which was just announced, targets SSLv3. ...
- By
October 07, 2014
DNSSEC: An Introduction
At CloudFlare our mission is to help build a better Internet. Part of this effort includes making web sites faster, more reliable, and more trustworthy....
- By
October 06, 2014
The little extra that comes with Universal SSL
Last Monday we announced our SSL for Free plan users called Universal SSL. Universal SSL means that any site running on CloudFlare gets a free SSL certificate, and is automatically secured over HTTPS....
- By
October 01, 2014
Universal SSL: How It Scales
On Monday, we announced Universal SSL, enabling HTTPS for all websites using CloudFlare’s Free plan. Universal SSL represents a massive increase in the number of sites we serve over HTTPS—from tens of thousands, to millions....
- By
September 30, 2014
Universal SSL: Be just a bit more patient
It turns out it takes a while to deploy SSL certificates for 2 million websites. :-) Even longer when you get a flood of new sign ups. While we'd hoped to have the deployment complete within 24 hours of the announcement, it now looks like it's going to take a bit longer....
- By
September 29, 2014
Origin Server Connection Security with Universal SSL
Earlier today, CloudFlare enabled Universal SSL: HTTPS support for all sites by default. Universal SSL provides state-of-the-art encryption between browsers and CloudFlare’s edge servers keeping web traffic private and secure from tampering....
- By
September 29, 2014
Introducing Universal SSL
The team at CloudFlare is excited to announce the release of Universal SSL™. Beginning today, we will support SSL connections to every CloudFlare customer, including the 2 million sites that have signed up for the free version of our service....
- By