One thing we take pride in at Cloudflare is embracing new protocols and standards that help make the Internet faster and safer. Sometimes this means that we’ll launch support for experimental features or standards still under active development, as we did with TLS 1.3. Due to the not-quite-final nature of some of these features, we […]
Tag Archives: security
Make SSL boring again
It may (or may not!) come as surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google’s crypto and SSL implementation that started as a fork of OpenSSL. We dedicated several months of work to make this happen without negative impact on customer traffic. We had a […]
Down the Rabbit Hole: The Making of Cloudflare Warp
In the real world, tunnels are often carved out from the mass of something bigger – a hill, the ground, but also man-made structures. CC BY-SA 2.0 image by Matt Brown In an abstract sense Cloudflare Warp is similar; its connection strategy punches a hole through firewalls and NAT, and provides easy and secure passage […]
Geo Key Manager: How It Works
Today we announced Geo Key Manager, a feature that gives customers unprecedented control over where their private keys are stored when uploaded to Cloudflare. This feature builds on a previous Cloudflare innovation called Keyless SSL and a novel cryptographic access control mechanism based on both identity-based encryption and broadcast encryption. In this post we’ll explain […]
Introducing the Cloudflare Geo Key Manager
Cloudflare’s customers recognize that they need to protect the confidentiality and integrity of communications with their web visitors. The widely accepted solution to this problem is to use the SSL/TLS protocol to establish an encrypted HTTPS session, over which secure requests can then be sent. Eavesdropping is protected against as only those who have access […]
Making the World Better by Breaking Things
Ben Sadeghipour, Technical Account Manager, HackerOne, and Katie Moussouris, Founder & CEO, Luta Security Moderator: John Graham-Cumming, CTO, Cloudflare Photo by Cloudflare Staff JGC: We’re going to talk about hacking Katie Moussouris helps people how to work around security vulnerabilities. Ben Sadeghipour is a technical account manager at HackerOne, and a hacker at night JGC: […]
The View from Washington: The State of Cybersecurity
Avril Haines, Former Deputy National Security Advisor, Obama Administration Moderator: Doug Kramer, General Counsel, Cloudflare Photo by Cloudflare Staff Avril began her career on the National Security Council, and went on to become the first female deputy at the CIA. DK: How will cyber will play a role in military operations? AH: We look at […]
SIDH in Go for quantum-resistant TLS 1.3
The Quantum Threat Most of today’s cryptography is designed to be secure against an adversary with enormous amounts of computational power. This means estimating how much work certain computations (such as factoring a number, or finding a discrete logarithm) require, and choosing cryptographic parameters based on our best estimate of how much work would be […]
Introducing TLS with Client Authentication
In a traditional TLS handshake, the client authenticates the server, and the server doesn’t know too much about the client. However, starting now, Cloudflare is offering enterprise customers TLS with client authentication, meaning that the server additionally authenticates that the client connecting to it is authorized to connect. TLS Client Authentication is useful in cases […]
A tale of a DNS exploit: CVE-2015-7547
This post was written by Marek Vavruša and Jaime Cochran, who found out they were both independently working on the same glibc vulnerability attack vectors at 3am last Tuesday. A buffer overflow error in GNU libc DNS stub resolver code was announced last week as CVE-2015-7547. While it doesn’t have any nickname yet (last year’s […]
