Tag Archives: tls

TLS nonce-nse

One of the base principles of cryptography is that you can’t just encrypt multiple messages with the same key. At the very least, what will happen is that two messages that have identical plaintext will also have identical ciphertext, which is a dangerous leak. (This is similar to why you can’t encrypt blocks with ECB.) More Info »

An overview of TLS 1.3 and Q&A

The CloudFlare London office hosts weekly internal Tech Talks (with free lunch picked by the speaker). My recent one was an explanation of the latest version of TLS, 1.3, how it works and why it’s faster and safer. You can watch the complete talk below or just read my summarized transcript. The Q&A session is More Info »

Introducing CloudFlare Origin CA

Free and performant encryption to the origin for CloudFlare customers In the fall of 2014 CloudFlare launched Universal SSL and doubled the number of sites on the Internet accessible via HTTPS. In just a few days we issued certificates protecting millions of our customers’ domains and became the easiest way to secure your website with More Info »

Introducing CFSSL 1.2

Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t written much about CFSSL here since we originally open sourced the project in 2014, so we thought we’d provide an update. In the last 20 months, we have added a ton of More Info »

TLS Certificate Optimization: The Technical Details behind "No Browser Left Behind"

Overview Back in early December we announced our “no browser left behind” initiative to the world. Since then, we have served well over 500 billion SHA-1 certificates to visitors that otherwise would not have been able to communicate securely with our customers’ sites using HTTPS. All the while, we’ve continued to present newer SHA-2 certificates More Info »