Chrome and Mozilla announced that they will stop trusting Entrust’s public TLS certificates issued after November 12, 2024 and December 1, 2024, respectively. This decision stems from concerns related to Entrust’s ability to meet the CA/Browser Forum’s requirements for a publicly trusted certificate authority (CA). To prevent Entrust customers from being impacted by this change, […]
Tag Archives: ssl
HTTPS Protocol: What is the Default Port for SSL & Common TCP Ports
SSL port numbers serve as communication endpoints for transmitting or receiving data. One of the primary functions of these ports is to establish a secure connection between a web page and a website hosting server or the CDN/WAF that might sit in front of it. These add an extra layer of security by leveraging either […]
How to Fix “Not Secure” Warnings and SSL Issues in WordPress (8 Steps)
If you own a WordPress website and ever encountered the “Not Secure” warning, you might have worried that visitors would perceive your site as spam or fraudulent. Not only does this warning impact user trust, but it can also affect your site’s SEO because search engines like Google flag sites without an HTTPS (HyperText Transfer […]
Introducing per hostname TLS settings — security fit to your needs
One of the goals of Cloudflare is to give our customers the necessary knobs to enable security in a way that fits their needs. In the realm of SSL/TLS, we offer two key controls: setting the minimum TLS version, and restricting the list of supported cipher suites. Previously, these settings applied to the entire domain, […]
Bring your own CA for client certificate validation with API Shield
APIs account for more than half of the total traffic of the Internet. They are the building blocks of many modern web applications. As API usage grows, so does the number of API attacks. And so now, more than ever, it’s important to keep these API endpoints secure. Cloudflare’s API Shield solution offers a comprehensive […]
Troubleshooting ERR_SSL_PROTOCOL_ERROR: How to Fix this Pesky Error in 6 Steps
As a website owner (and frequent website visitor), you might have encountered the notorious ERR_SSL_PROTOCOL_ERROR at least once. This Secure Sockets Layer (SSL) error occurs when the browser fails to establish a secure connection with the website, usually due to issues with the website’s SSL certificate or its configuration or the client’s browser. The error […]
Deprecating SPDY
Democratizing the Internet and making new features available to all Cloudflare customers is a core part of what we do. We’re proud to be early adopters and have a long record of adopting new standards early, such as HTTP/2, as well as features that are experimental or not yet final, like TLS 1.3 and SPDY. […]
CAA of the Wild: Supporting a New Standard
One thing we take pride in at Cloudflare is embracing new protocols and standards that help make the Internet faster and safer. Sometimes this means that we’ll launch support for experimental features or standards still under active development, as we did with TLS 1.3. Due to the not-quite-final nature of some of these features, we […]
Make SSL boring again
It may (or may not!) come as surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google’s crypto and SSL implementation that started as a fork of OpenSSL. We dedicated several months of work to make this happen without negative impact on customer traffic. We had a […]
Performing & Preventing SSL Stripping: A Plain-English Primer
Over the past few days we learnt about a new attack that posed a serious weakness in the encryption protocol used to secure all modern Wi-Fi networks. The KRACK Attack effectively allows interception of traffic on wireless networks secured by the WPA2 protocol. Whilst it is possible to backward patch implementations to mitigate this vulnerability, […]
