Tag Archives: ssl

Geo Key Manager: How It Works

Today we announced Geo Key Manager, a feature that gives customers unprecedented control over where their private keys are stored when uploaded to Cloudflare. This feature builds on a previous Cloudflare innovation called Keyless SSL and a novel cryptographic access control mechanism based on both identity-based encryption and broadcast encryption. In this post we’ll explain More Info »

Introducing the Cloudflare Geo Key Manager

Cloudflare’s customers recognize that they need to protect the confidentiality and integrity of communications with their web visitors. The widely accepted solution to this problem is to use the SSL/TLS protocol to establish an encrypted HTTPS session, over which secure requests can then be sent. Eavesdropping is protected against as only those who have access More Info »

How to make your site HTTPS-only

The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services. Last year, Mozilla reported that the percentage of requests made by Firefox using encrypted HTTPS passed 50% for the first time. HTTPS has numerous benefits that are not available over unencrypted HTTP, including More Info »

Domain Validation: SSL’s Other Job

SSL certificates are a hot topic today. Website owners are becoming increasingly aware that collecting information on non-HTTPS secured pages is a bad idea and the larger web ecosystem is definitely moving in the direction of full web encryption. Google has indicated they’re giving a ranking boost to HTTPS encrypted sites with heavier rankings likelyRead More Info »

Introducing CloudFlare Origin CA

Free and performant encryption to the origin for CloudFlare customers In the fall of 2014 CloudFlare launched Universal SSL and doubled the number of sites on the Internet accessible via HTTPS. In just a few days we issued certificates protecting millions of our customers’ domains and became the easiest way to secure your website with More Info »

Sucuri Firewall: Free LetsEncrypt SSL Certs for Everyone

Last year we partnered and sponsored the LetsEncrypt initiative. Today we’re happy to announce that we have fully integrated with them and we are now offering their free SSL Certificates to all customers who leverage the Sucuri Firewall. We’re very excited about this integration and we have mass-enabled their certificates for all of our customers that didRead More Info »

Introducing CFSSL 1.2

Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t written much about CFSSL here since we originally open sourced the project in 2014, so we thought we’d provide an update. In the last 20 months, we have added a ton of More Info »

TLS Certificate Optimization: The Technical Details behind "No Browser Left Behind"

Overview Back in early December we announced our “no browser left behind” initiative to the world. Since then, we have served well over 500 billion SHA-1 certificates to visitors that otherwise would not have been able to communicate securely with our customers’ sites using HTTPS. All the while, we’ve continued to present newer SHA-2 certificates More Info »

SHA-1 Deprecation: No Browser Left Behind

After December 31, 2015, SSL certificates that use the SHA-1 hash algorithm for their signature will be declared technology non grata on the modern Internet. Google’s Chrome browser has already begun displaying a warning for SHA-1 based certs that expire after 2015. Other browsers are mirroring Google and, over the course of 2016, will begin More Info »