The Cloudflare Blog

Subscribe to receive notifications of new posts:

Staying afloat: the DROWN Attack and CloudFlare

2016-03-01

John Graham-Cumming

1 min read

CloudFlare customers are automatically protected against the recently disclosed DROWN Attack. We do not have SSLv2 enabled on our servers.

We publish our SSL configuration here so that others can use it. We currently accept TLS 1.0, 1.1 and 1.2.

We are proactively testing our customers' origin web servers to detect vulnerable servers and will be reaching out to any that have a server that is vulnerable to DROWN.

In the interim, ensure that SSLv2 is fully disabled and/or that private keys are not shared with servers that still need to have SSLv2.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Attacks SSL Vulnerabilities Security

Follow on X

Cloudflare|@cloudflare

October 29, 2025 1:00 PM

Defending QUIC from acknowledgement-based DDoS attacks

We identified and patched two DDoS vulnerabilities in our QUIC implementation related to packet acknowledgements. Cloudflare customers were not affected. We examine the "Optimistic ACK" attack vector and our solution, which dynamically skips packet numbers to validate client behavior. ...

Research, QUIC, Protocols, Vulnerabilities, Security

October 29, 2025 1:00 PM

One IP address, many users: detecting CGNAT to reduce collateral effects

IPv4 scarcity drives widespread use of Carrier-Grade Network Address Translation, a practice in ISPs and mobile networks that places many users behind each IP address, along with their collected activity and volumes of traffic. We introduce the method we’ve developed to detect large-scale IP sharing globally and mitigate the issues that result. ...

Vasilis Giotsas,
Marwan Fayed

Research, WAF, Web Application Firewall, Better Internet, Security, Bots, IPv4, Network Services

October 28, 2025 1:00 PM

Keeping the Internet fast and secure: introducing Merkle Tree Certificates

Cloudflare is launching an experiment with Chrome to evaluate fast, scalable, and quantum-ready Merkle Tree Certificates, all without degrading performance or changing WebPKI trust relationships....

Post-Quantum, Research, Cryptography, Security, TLS, Chrome, Google, IETF, Transparency, Rust, Open Source, Cloudflare Workers

October 16, 2025 2:00 PM

Improving the trustworthiness of Javascript on the Web

There's no way to audit a site’s client-side code as it changes, making it hard to trust sites that use cryptography. We preview a specification we co-authored that adds auditability to the web....

Michael Rosenberg

Security, Malicious JavaScript, JavaScript, Deep Dive, Cryptography, Research