CloudFlare: You get SSL, and you get SSL, EVERYBODY GETS SSL!

Web cache biz to hand out certificates to all free customers

Edward Snowden

CloudFlare announced today it will extend SSL support to customers who use its free cloud-based web hosting service.

The firm said its Universal SSL program will allow said customers to encrypt and secure web traffic between visitors and websites cached by CloudFlare. CloudFlare will provide SSL certificates that are valid for root domains and first-level subdomains.

Cloudflare works by caching websites in its content delivery network (CDN): when a surge of people, or attackers, try to hit a site, Cloudflare's servers dotted around the world take the strain. The Universal SSL service encrypts the traffic between its data centers and visitors for free; this was previously a paid-for feature.

The company said the SSL provisioning will be completed within the next 24 hours for customers. New folks will have to wait a bit longer, and those who use CloudFlare through another hosting service may not be able to access the SSL features until the end of the year as the company wrangles with "technical limitation" issues.

"Yesterday, there were about 2 million sites active on the Internet that supported encrypted connections," proclaimed CloudFlare boss Matthew Prince in announcing the service.

"By the end of the day today, we'll have doubled that."

SSL and Cloudflare

Prince noted that there are some caveats to the rollout. As mentioned above, Cloudflare encrypts web connections between visitors and its cloud; website owners must install their own certificates on their own servers to ensure traffic between Cloudflare's CDN and said servers are encrypted – this ensures no one can tamper with pages without detection, or eavesdrop on them, as they're transferred into the cloud cache.

Additionally, the Universal SSL service will only support "modern" browsers. Due to the use of ECDSA, the SSL connections will not be available to people running Windows XP editions of Internet Explorer and pre-Ice Cream Sandwich Android devices, as well as some other older browsers.

"Generally, if you're running a browser that is less than six years old, your browser is modern and Univeral SSL on CloudFlare's free plans will work," Prince noted.

CloudFlare already offers SSL services to customers of its paid platforms. Prince said that the company is also working on options to provide both ECDSA and RSA certificates for paid accounts.

The release comes just one week after CloudFlare rolled out its KeyLess SSL security option. That service, designed for high-security customers such as financial institutions, allows SSL keys to be stored on private servers while still being available to secure connections running through the CloudFlare services. ®


Biting the hand that feeds IT © 1998–2017