2025-10-28
Cloudflare is launching an experiment with Chrome to evaluate fast, scalable, and quantum-ready Merkle Tree Certificates, all without degrading performance or changing WebPKI trust relationships....
Continue reading »
2025-09-26
We reduced Cloudflare Workers cold starts by 10x by optimistically routing to servers with already-loaded Workers. Learn how we did it here....
2025-09-24
After a year since we started enabling Automatic SSL/TLS, we want to talk about these results, why they matter, and how we’re preparing for the next leap in Internet security....
2025-09-04
Unauthorized TLS certificates were issued for 1.1.1.1 by a Certification Authority without permission from Cloudflare. These rogue certificates have now been revoked....
2025-02-07
Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different...
November 07, 2024 2:00 PM
NIST has standardized four post-quantum signature schemes so far, and they’re not done yet: there are fourteen new candidates in the running for standardization....
September 25, 2024 1:00 PM
Cloudflare's customers can now take advantage of Zstandard (zstd) compression, offering 42% faster compression than Brotli and 11.3% more efficiency than GZIP. We're further optimizing performance for our customers with HTTP/3 prioritization and BBR congestion control, and enhanc...
August 08, 2024 2:05 PM
This new Automatic SSL/TLS setting will maximize and simplify the encryption modes Cloudflare uses to communicate with origin servers by using the SSL/TLS Recommender....
July 29, 2024 1:00 PM
Outages caused by certificate pinning is increasing. Learn why certificate pinning hasn’t kept up with modern standards and find alternatives to improve security while reducing management overhead...
April 12, 2024 1:00 PM
Let’s Encrypt’s cross-signed chain will be expiring in September. This will affect legacy devices with outdated trust stores (Android versions 7.1.1 or older). To prevent this change from impacting customers, Cloudflare will shift Let’s Encrypt certificates upon renewal to use a ...
March 14, 2024 2:00 PM
Let’s Encrypt’s cross-signed chain will be expiring. To prepare for, Cloudflare will issue certs from Let’s Encrypt’s ISRG X1 chain. This change impacts legacy devices with outdated trust stores....
September 04, 2023 1:00 PM
In this blog we’re going to take a closer look at “connection coalescing”, with specific focus on manage it at a large scale...
August 09, 2023 1:00 PM
Starting today, customers that use Cloudflare’s Advanced Certificate Manager can configure TLS settings on individual hostnames within a domain...
July 11, 2023 1:00 PM
API shield customers can now upload their own CA to use for client certificate validation. This ensures that only authorized clients and devices can make requests to your API endpoint or application. ...
April 03, 2023 1:00 PM
This blog post outlines the root cause analysis and solution for a bug found in Cloudflare’s mTLS implementation...
March 23, 2023 1:00 PM
Cloudflare will now allow customers that are managing DNS externally to auto-renew certificates through DCV Delegation...
March 13, 2023 1:00 PM
Mutual TLS is used to secure a range of network services and applications: APIs, web applications, microservices, databases and IoT devices. With mTLS support for Workers you can use Workers to authenticate to any service secured by mTLS directly!...
December 15, 2022 2:00 PM
We’re excited to announce a new version of Geo Key Manager — one that allows customers to define boundaries by country, by a region, or by a standard, such as “only store my private keys in FIPS compliant data centers” — now available in Closed Beta....
November 16, 2022 2:00 PM
We’re excited to announce that Workers will soon be able to send outbound requests through a mutually authenticated channel via mutual TLS authentication!...
October 06, 2022 6:00 PM
Today, we’re excited to announce Total TLS — a one-click feature that will issue individual TLS certificates for every subdomain in our customer’s domains...
