Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

CloudFlare Introduces ‘Universal SSL’

Content delivery network and Web security services provider CloudFlare today announced the introduction of SSL connections for all of the company’s customers, including those who have signed up for a free plan.

Content delivery network and Web security services provider CloudFlare today announced the introduction of SSL connections for all of the company’s customers, including those who have signed up for a free plan.

With the release of what the company is calling Universal SSL, a feature on which the company has been working for the last three years, CloudFlare will automatically provision a SSL certificate on its network that will accept HTTPS connections for customers’ domains and subdomains.

The company started rolling out Universal SSL this morning and the process should be completed by the end of the day. New customers who sign up for CloudFlare’s free plan will have to wait 24 hours until the feature is activated on their websites, but those who opt for paid plans will get it instantly.

CloudFlare believes the initiative will make the Web safer since the number of sites that support encrypted connections will double (from 2 million currently).

The certificates provisioned by CloudFlare will include one for the root domain and a wildcard for all first-level subdomains. However, the company noted that only traffic between the Web browser and CloudFlare will be encrypted, not the one between CloudFlare and the origin server. Website owners who want to ensure that traffic is encrypted all the way will have to install a certificate on their Web server.

Due to issues such as CPU load and IPv4 exhaustion, Universal SSL works only on modern browsers in the case of free customers. Fortunately, CloudFlare has determined that 80% of requests come from modern browsers. According to the company, the most problematic legacy browsers are the ones that ship with Android versions prior to Ice Cream Sandwich and Internet Explorer running on Windows XP or older versions of the Microsoft operating system. Customers who pay for CloudFlare services don’t have to worry about this aspect since paid plans support legacy browsers as well.

In an effort to get all users to migrate to modern browsers, CloudFlare encourages its customers to install the “A Better Browser” app on their websites. The app detects if the site is visited from an old browser and displays a banner advising users to upgrade the software.

CloudFlare has also pointed out that website owners don’t have to worry about their ability to accept unencrypted traffic once Universal SSL is activated. HTTP will continue to work as before, the company said.

“One additional benefit of Universal SSL is it allows us to broadly support of the SPDY protocol which requires an encrypted connection. SPDY improves web performance in a number of ways […]. All CloudFlare customers will, by the end of the day today, also have SPDY enabled by default — massively increasing the size of the SPDY universe,” Matthew Prince, CEO and co-founder of CloudFlare explained in a blog post.

 Earlier this month, CloudFlare announced the introduction of keyless SSL, a feature that allows websites to take advantage of the company’s solutions without having to hand over their precious private SSL keys. 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...