CloudFlare ditches private SSL keys for better security
'Sorry, spooks, we can't decrypt this for you'
CloudFlare has announced the outcome of what it says is two years' work – switching on Keyless SSL – which lets customers encrypt their web traffic via the company's services without having to hand over their private SSL keys.
In this blog post announcing the service, cofounder and CEO Matthew Prince explains that “the only way organisations that had the highest standards of SSL security could ever adopt the benefits of the cloud is if we never took possession of their SSL keys.”
That's a problem, of course, since the normal assumption is that if someone like a bank wants to encrypt connections between themselves and CloudFlare, the receiving end of the connection needs the key.
In this technical description of the implementation, the company's Nick Sullivan explains that by moving the key server to the customer's site, CloudFlare can avoid ever holding the keys that secure the connection.
In the handshakes used to negotiate an SSL session, he writes, “the private key is only used once in each handshake. This allows us to split the TLS handshake geographically, with most of the handshake happening at CloudFlare’s edge while moving the private key operations to a remote key server”.
With the key server under the customer's control, the company says, they have “exclusive access to the private key”.
“Extending the TLS handshake in this way required changes to the NGINX server and OpenSSL to make the private key operation both remote and non-blocking (so NGINX can continue with other requests while waiting for the key server),” Sullivan writes.
The company has published its reference implementation to get other eyes across the software, and to let customers build CloudFlare Keyless SSL-compatible key servers. ®