CloudFlare, SSL & Unhealthy Security Absolutism (Troy Hunt)

Really interesting (and, in my opinion, great) article by Troy Hunt on why CloudFlare’s SSL [free] offerings are awesome!

“First and foremost, if your choices are to either run entirely unencrypted or to protect against the 95% (or thereabouts) of transport layer threats that exist between your visitors and your origin, do the sensible thing. Nobody in their right mind is going to advocate for remaining totally unencrypted rather than using CloudFlare purely to encrypt between their edge nodes and your users. There are people not in their right mind that will argue to the contrary and that’s precisely what the title of this post suggests – it’s unhealthy security absolutism.”

Source: Troy Hunt: CloudFlare, SSL and unhealthy security absolutism

Upgrade Site Security with CloudFlare Origin CA

Really interesting development from CloudFlare on encrypting the web’s connections. It takes their ‘Flexible SSL’ to the next level and beyond.

“Faster, more secure alternative to public CA certificates for your CloudFlare-fronted servers. Extraneous overhead removed to optimize performance.

With Origin CA, we questioned all aspects of certificate issuance and browser validation, from domain control validation (DCV) to path bundling and revocation checking. We asked ourselves what cruft public CAs would remove from certificates if they only needed to work with one browser, whose codebase they maintained? Questions such as “why bloat certificates with intermediate CAs when they only need to speak with our NGINX-based reverse proxy” and “why force customers to reconfigure their web or name server to pass DCV checks when they’ve already demonstrated control during zone onboarding?” helped shape our efforts.”

Source: CloudFlare Origin CA