The Cloudflare Blog

Subscribe to receive notifications of new posts:

Staying afloat: the DROWN Attack and CloudFlare

2016-03-01

John Graham-Cumming

1 min read

CloudFlare customers are automatically protected against the recently disclosed DROWN Attack. We do not have SSLv2 enabled on our servers.

We publish our SSL configuration here so that others can use it. We currently accept TLS 1.0, 1.1 and 1.2.

We are proactively testing our customers' origin web servers to detect vulnerable servers and will be reaching out to any that have a server that is vulnerable to DROWN.

In the interim, ensure that SSLv2 is fully disabled and/or that private keys are not shared with servers that still need to have SSLv2.

Attacks SSL Vulnerabilities Security

Follow on X

Cloudflare|@cloudflare

June 09, 2026

Defend against frontier cyber models: Cloudflare's architecture as customer zero

In our post about Project Glasswing, we made the argument that the architecture around a vulnerability matters more than the speed of the patch. Here we walk through what that architecture looks like, the threats it defends against, and how we run it ourselves as Cloudflare's customer zero....

Security, AI, Threat Intelligence, Risk Management, Customer Zero, WAF, Zero Trust, Cloudforce One, Bot Management

June 08, 2026

Turning Cloudflare’s threat indicators into real-time WAF rules

Cloudflare customers can now use Cloudforce One threat intelligence directly within the WAF to block high-risk traffic. By using new cf.intel fields, security teams can automate protection against specific threat actors and targeted industries in real time....

Security, WAF, Threat Intelligence, Cloudforce One, Product News

May 18, 2026

Project Glasswing: what Mythos showed us

In recent weeks, we pointed Mythos and other security-focused LLMs at live code across critical parts of our infrastructure. We share what we observed, the models’ strengths and weaknesses, and what the work around them needs to look like before any of it can scale....

Grant Bourzikas

Security, AI, Agents, Threat Intelligence, LLM, Risk Management, Threat Operations, Automation, Engineering, Customer Zero

May 07, 2026

How Cloudflare responded to the “Copy Fail” Linux vulnerability

When a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet, confirming zero customer impact and no malicious exploitation....

Linux, Security, Incident Response, Kernel, Vulnerabilities, Mitigation, eBPF