Zero Trust WARP: tunneling with a MASQUE
2024-03-06
This blog discusses the introduction of MASQUE to Zero Trust WARP and how Cloudflare One customers will benefit from this modern protocol...
TLS 1.3
A cost-effective and extensible testbed for transport protocol development
2020-01-14
At Cloudflare, we develop protocols at multiple layers of the network stack. In the past, we focused on HTTP/1.1, HTTP/2, and TLS 1.3. Now, we are working on QUIC and HTTP/3, which are still in IETF draft, but gaining a lot of interest....
Know your SCM_RIGHTS
2018-11-29
As TLS 1.3 was ratified earlier this year, I was recollecting how we got started with it here at Cloudflare. We made the decision to be early adopters of TLS 1.3 a little over two years ago. It was a very important decision, and we took it very seriously....
Encrypt that SNI: Firefox edition
2018-10-18
A couple of weeks ago we announced support for the encrypted Server Name Indication (SNI) TLS extension (ESNI for short). As promised, our friends at Mozilla landed support for ESNI in Firefox Nightl. ...
Encrypt it or lose it: how encrypted SNI works
2018-09-24
Today we announced support for encrypted SNI, an extension to the TLS 1.3 protocol that improves privacy of Internet users....
A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)
2018-08-10
TLS 1.3 (RFC 8446) was published today. This article provides a deep dive into the changes introduced in TLS 1.3 and its impact on the future of internet security....
You get TLS 1.3! You get TLS 1.3! Everyone gets TLS 1.3!
2018-05-16
It's no secret that Cloudflare has been a big proponent of TLS 1.3, the newest edition of the TLS protocol that improves both speed and security, since we have made it available to our customers starting in 2016. ...
Why TLS 1.3 isn't in browsers yet
2017-12-26
Upgrading a security protocol in an ecosystem as complex as the Internet is difficult. You need to update clients and servers and make sure everything in between continues to work correctly. The Internet is in the middle of such an upgrade right now. ...
TLS 1.3 is going to save us all, and other reasons why IoT is still insecure
2017-12-24
As I’m writing this, four DDoS attacks are ongoing and being automatically mitigated by Gatebot. Cloudflare’s job is to get attacked. Our network gets attacked constantly....
CAA of the Wild: Supporting a New Standard
2017-12-07
One thing we take pride in at Cloudflare is embracing new protocols and standards that help make the Internet faster and safer. Sometimes this means that we’ll launch support for experimental features or standards still under active development, as we did with TLS 1.3....
Make SSL boring again
2017-12-06
It may (or may not!) come as surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google's crypto and SSL implementation that started as a fork of OpenSSL....
SIDH in Go for quantum-resistant TLS 1.3
2017-09-01
Most of today's cryptography is designed to be secure against an adversary with enormous amounts of computational power. This means estimating how much work certain computations require, and choosing cryptographic parameters based on our best estimates....
Introducing Zero Round Trip Time Resumption (0-RTT)
2017-03-15
Cloudflare’s mission is to help build a faster and more secure Internet. Over the last several years, the Internet Engineering Task Force (IETF) has been working on a new version of TLS, the protocol that powers the secure web....
NCC Group's Cryptography Services audits our Go TLS 1.3 stack
2017-02-15
The Cloudflare TLS 1.3 beta is run by a Go implementation of the protocol based on the Go standard library, crypto/tls. ...
TLS 1.3 explained by the Cloudflare Crypto Team at 33c3
2017-02-01
Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more that 13,000 hackers in Hamburg, has been one of the hallmark events of the security community for more than 30 years....
Cloudflare Crypto Meetup #4: November 22
2016-11-02
Come join us on Cloudflare HQ in San Francisco on Tuesday, November 22 for another cryptography meetup. We had such a great time at the last one, we decided to host another....
TLS nonce-nse
2016-10-12
One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that two messages that have identical plaintext will also have identical ciphertext, which is a dangerous leak. ...
An overview of TLS 1.3 and Q&A
2016-09-23
The CloudFlare London office hosts weekly internal Tech Talks (with free lunch picked by the speaker). My recent one was an explanation of the latest version of TLS, 1.3, how it works and why it's faster and safer....
Opportunistic Encryption: Bringing HTTP/2 to the unencrypted web
2016-09-21
Encrypting the web is not an easy task. Various complexities prevent websites from migrating from HTTP to HTTPS, including mixed content, which can prevent sites from functioning with HTTPS. ...
Introducing TLS 1.3
2016-09-20
The encrypted Internet is about to become a whole lot snappier. When it comes to browsing, we’ve been driving around in a beat-up car from the 90s for a while. Little does anyone know, we’re all about to trade in our station wagons for a smoking new sports car. ...