CloudFlare Announces Free SSL Support For All Customers

Z80xxc! writes: CloudFlare, a cloud service that sits between websites and the internet to provide a CDN, DDOS and other attack prevention, speed optimization, and other services announced today that SSL will now be supported for all customers, including free customers. This will add SSL support to approximately 2 million previously unprotected websites. Previously SSL was only available to customers paying at least $20/month for a "Pro" plan or higher.

Browsers connect to CloudFlare's servers and receive a certificate provided by CloudFlare. CloudFlare then connects to the website's server to retrieve the content, serving as a sort of reverse proxy. Different security levels allow CloudFlare to connect to the website host using no encryption, a self-signed certificate, or a verified certificate, depending on the administrator's preferences. CloudFlare's servers will use SNI for free accounts, which is unsupported for IE on Windows XP and older, and Android Browser on Android 2.2 and older.

Re:Now how about the third party ad networks

[SpzToid]

Google announced in August (I believe) that page rank will now include SSL scoring. So if those ad networks want to remain relevant, by not breaking all the pages they want to get published on, then those web devs and admins better step up their game. Let me rephrase that, the ad networks need to budget for, and pay for web devs and admins, or train the ones they have already.

Re:... and other services

[Guspaz]

Have some irony:

C:\Users\Guspaz>tracert www.spamhaus.org

Tracing route to cdn-cf.spamhaus.eu [190.93.243.93]
over a maximum of 30 hops:

    1 <1 ms <1 ms 1 ms 192.168.1.1
    2 10 ms 39 ms 14 ms 10.245.x.x
    3 11 ms 13 ms 10 ms 10.170.x.x
    4 10 ms 8 ms 17 ms xe-0-1-1_0-bdr01-mtl.teksavvy.com [206.248.155.109]
    5 16 ms 15 ms 16 ms xe-1-1-0_2210-bdr04-tor.teksavvy.com [192.171.63.161]
    6 22 ms 17 ms 23 ms gw-cloudflare.torontointernetxchange.net [206.108.34.208]
    7 17 ms 16 ms 15 ms cf-190-93-243-93.cloudflare.com [190.93.243.93]

Trace complete.

CloudFlare is a f.ing nightmare for anonymity

[Rosco+P.+Coltrane]

A surprising number of sites use CloudFlare. The trouble with CloudFlare is, if you want to stay anonymous on the internet using Tor, you're SOL, as they serve you captchas every 3 pages when they see a connection coming from a Tor exit node.

So essentially, if you're a Tor user, CloudFlare:

- Renders a sizeable portion of the internet unusuable for you
- Makes money on your back by making you solve captcha, and turning you into a human OCR.

CloudFlare and Google (which also serve captchas to Tor users, only fewer exit nodes are concerned) are quickly making Tor unusable, which must make the NSA wet their pants.

Re:CloudFlare is a f.ing nightmare for anonymity

CloudFlare *is* the NSA. They're the biggest MITM service in the world.

How do they sign the certificate?

[Gollum]

Am I the only one wondering how they get a CA to sign the certificate? Seems like an interesting opportunity for someone within CloudFlare to get their own SSL certs signed, and MITM to their hearts content.

Re:In the Market

[lucm]

Amazon CloudFront is a lot better than CloudFlare and has supported SSL for years. Plus it's possible to store a website in a S3 bucket, there is no need for a web server. For pennies a month you get an insanely fast website, there is nothing close to it performance-wise. Pricing is around $0.12 per GB of transfer. S3 is about $0.03 per GB of storage per month.

The only complicated thing with a CDN is that since it puts the website in cache, it's more tricky to push updates. Either you wait until the cache expires or pay a small fee to "invalidate" content.