I’m excited to announce that today kicks off SSL Week at CloudFlare. Over the course of this week, we’ll make a series of announcements on what we’re doing to improve encryption on the Internet.
Inherently, for encryption to be the most effective, it has to meet three criteria: 1) it needs to be easy and inexpensive to use; 2) it needs to be fast so it doesn’t tax performance; and 3) it needs to be up to date and ahead of the latest vulnerabilities.
Easy, Fast & Secure
Throughout CloudFlare’s history, these priorities have guided our approach to encryption. Last September, we announced Universal SSL and brought world class encryption to every CloudFlare customer, even those on our Free service plan. While that effort doubled the size of the encrypted web, our work is far from done. This week we’re announcing a series of initiatives that further our efforts to ensure we provide the easiest, fastest, and most secure encryption.
While Universal SSL made it easy to ensure that the connection from a device to CloudFlare was secure, this week we’re going to begin the process of making it easy (and free) to ensure the connection from CloudFlare back to the origin is secure as well. Beyond just encrypting the connection to the origin, we will also roll out a way to cryptographically ensure that the connection to the origin is, in fact, coming from CloudFlare’s network.
In the last six months, research into cipher suites has continued at a torrid pace. The good news is that new ciphers that perform particularly well on mobile devices have started to become standardized. The bad news is that some of the older ciphers that were previously standard appear more and more likely to be compromisable. This week we’ll, therefore, be adding support for a fast, new cipher while deprecating support for a cipher that we no longer have faith in.
We have a number of other surprises in store to help build a better, safer Internet. Stay tuned, we’re confident SSL Week will help ensure SSL is anything but weak.