Tracing Soon-to-Expire Federal .gov Certificates with CT Monitors
January 23, 2019
As of December 22, 2018, parts of the US Government have “shut down” because of a lapse in appropriation. ...
Encrypting DNS end-to-end
December 21, 2018
Over the past few months, we have been running a pilot with Facebook to test the feasibility of securing the connection between 1.1.1.1 and Facebook’s authoritative name servers. ...
Know your SCM_RIGHTS
November 29, 2018
As TLS 1.3 was ratified earlier this year, I was recollecting how we got started with it here at Cloudflare. We made the decision to be early adopters of TLS 1.3 a little over two years ago. It was a very important decision, and we took it very seriously....
Encrypt it or lose it: how encrypted SNI works
September 24, 2018
Today we announced support for encrypted SNI, an extension to the TLS 1.3 protocol that improves privacy of Internet users....
MORE POSTS
August 16, 2018
Enable Private DNS with 1.1.1.1 on Android 9 Pie
Android 9 Pie includes a slew of new features around digital well-being and privacy. Here's how to use the new Private DNS feature with 1.1.1.1....
August 10, 2018
A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)
TLS 1.3 (RFC 8446) was published today. This article provides a deep dive into the changes introduced in TLS 1.3 and its impact on the future of internet security....
July 26, 2018
The Road to QUIC
QUIC (Quick UDP Internet Connections) is a new encrypted-by-default Internet transport protocol that provides a number of improvements designed to accelerate HTTP traffic as well as make it more secure, with the intended goal of eventually replacing TCP and TLS on the web....
July 14, 2018
DNS-Over-TLS Built-In & Enforced - 1.1.1.1 and the GL.iNet GL-AR750S
Back in April, I wrote about how it was possible to modify a router to encrypt DNS queries over TLS using Cloudflare's 1.1.1.1 DNS Resolver and a GL.iNet router; the folks at GL.iNet read that blog post and decided to bake DNS-Over-TLS support into their new router using the 1.1....
May 16, 2018
You get TLS 1.3! You get TLS 1.3! Everyone gets TLS 1.3!
It's no secret that Cloudflare has been a big proponent of TLS 1.3, the newest edition of the TLS protocol that improves both speed and security, since we have made it available to our customers starting in 2016. ...
April 24, 2018
BGP leaks and cryptocurrencies
Over the last few hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak....
April 09, 2018
Privacy-Protecting Portable Router: Adding DNS-Over-TLS support to OpenWRT (LEDE) with Unbound
This blog post explains how you can configure an OpenWRT router to encrypt DNS traffic to Cloudflare Resolver using DNS-over-TLS....
March 24, 2018
A tour through Merkle Town, Cloudflare's Certificate Transparency dashboard
The success of Certificate Transparency rests on the existence of a robust ecosystem of logs and log operators. ...
March 12, 2018
Deprecating TLS 1.0 and 1.1 on api.cloudflare.com
On June 4, Cloudflare will end support for TLS 1.0 and 1.1 on api.cloudflare.com. The dashboard will shift from www.cloudflare.com/a to dash.cloudflare.com, requiring a browser with TLS 1.2 or higher....
December 28, 2017
How "expensive" is crypto anyway?
I wouldn’t be surprised if the title of this post attracts some Bitcoin aficionados, but if you are such, I want to disappoint you. For me crypto means cryptography, not cybermoney, and the price we pay for it is measured in CPU cycles, not USD....
December 26, 2017
Why TLS 1.3 isn't in browsers yet
Upgrading a security protocol in an ecosystem as complex as the Internet is difficult. You need to update clients and servers and make sure everything in between continues to work correctly. The Internet is in the middle of such an upgrade right now. ...
December 24, 2017
TLS 1.3 is going to save us all, and other reasons why IoT is still insecure
As I’m writing this, four DDoS attacks are ongoing and being automatically mitigated by Gatebot. Cloudflare’s job is to get attacked. Our network gets attacked constantly....
December 21, 2017
2018 and the Internet: our predictions
At the end of 2016, I wrote a blog post with seven predictions for 2017. Let’s start by reviewing how I did. I’ll score myself with two points for being correct, one point for mostly right and zero for wrong. That’ll give me a maximum possible score of fourteen. Here goes......
December 07, 2017
CAA of the Wild: Supporting a New Standard
One thing we take pride in at Cloudflare is embracing new protocols and standards that help make the Internet faster and safer. Sometimes this means that we’ll launch support for experimental features or standards still under active development, as we did with TLS 1.3....