CloudFlare activates free Universal SSL encryption for its customers’ websites

CloudFlare has made good on a promise it made back in August, by turning on SSL encryption for the webpages of all its customers.

The firm, which provides content delivery and anti-DDoS services, announced the rollout of “Universal SSL” in a Monday blog post. It said it would provide protected “https” connections for users of around two million websites – apparently doubling the number of SSL-protected websites out there.

However, beneficiaries still have work to do if they want to fully protect their customers, CloudFlare CEO Matthew Prince said in the post:

For a site that did not have SSL before, we will default to our Flexible SSL mode, which means traffic from browsers to CloudFlare will be encrypted, but traffic from CloudFlare to a site’s origin server will not. We strongly recommend site owners install a certificate on their web servers so we can encrypt traffic to the origin. Later today we’ll be publishing a blog with instructions on how to do that at no cost. Once you’ve installed a certificate on your web server, you can enable the Full or Strict SSL modes which encrypt origin traffic and provide a higher level of security.
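The difference between the modes Prince describes can be checked from the origin's side. The following is an added example, not code from CloudFlare or the original post: a Python probe that reports whether an origin completes a verified TLS handshake, an unverified one, or none. The function names are hypothetical, the mapping of those three outcomes to Strict, Full and Flexible is this example's assumption (Full taken as encrypting without validating the origin certificate), and the local plaintext listener is constructed sample input.

```python
import socket
import ssl
import threading


def probe_origin(host, port=443, cafile=None, timeout=5.0):
    """Return the strongest mode the origin could support (assumed mapping):
    "strict"   - certificate chain and hostname validate
    "full"     - TLS handshake works, certificate does not validate
    "flexible" - no TLS handshake possible, origin leg stays plaintext
    """
    verified = ssl.create_default_context(cafile=cafile)
    unverified = ssl.create_default_context()
    unverified.check_hostname = False       # encryption only,
    unverified.verify_mode = ssl.CERT_NONE  # origin is not authenticated
    for mode, ctx in (("strict", verified), ("full", unverified)):
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host):
                    return mode
        except ssl.SSLCertVerificationError:
            continue  # TLS is spoken, but the certificate is untrusted
        except (ssl.SSLError, OSError):
            return "flexible"  # refused, timed out, or not TLS at all
    return "flexible"


def demo_plain_origin():
    """Constructed sample: a local HTTP-only listener standing in for an origin."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # any free loopback port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # swallow the ClientHello
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    try:
        return probe_origin("127.0.0.1", srv.getsockname()[1], timeout=2.0)
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo_plain_origin())
```

Pass `cafile` when the origin certificate is issued by a private CA, so the verified pass checks against that trust anchor instead of the system store.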

The move will allow CloudFlare to more broadly support the Google SPDY protocol for speeding up webpage delivery, as this protocol requires an encrypted connection. Site administrators should also see their ranking improve on Google Search, which now takes encryption into account as a ranking signal.

Prince noted that his company’s free Universal SSL support will only benefit users with modern browsers – i.e. those less than 6 years old – which support the ECDSA cipher suite, as older RSA-based suites place too much load on CloudFlare’s systems. The firm’s paid plans will support legacy browsers as well.

A couple of weeks ago, the company revealed a new extension to the TLS security protocol called Keyless SSL. This feature, available on CloudFlare’s enterprise business plans, aims to help firms handling sensitive data get the benefits of content delivery services such as CloudFlare without parting company with their SSL keys.