CloudFlare Introduces ‘Universal SSL’

Content delivery network and Web security services provider CloudFlare today announced the introduction of SSL connections for all of the company’s customers, including those who have signed up for a free plan.

With the release of what the company is calling Universal SSL, a feature on which the company has been working for the last three years, CloudFlare will automatically provision a SSL certificate on its network that will accept HTTPS connections for customers’ domains and subdomains.

The company started rolling out Universal SSL this morning and the process should be completed by the end of the day. New customers who sign up for CloudFlare’s free plan will have to wait 24 hours until the feature is activated on their websites, but those who opt for paid plans will get it instantly.

CloudFlare believes the initiative will make the Web safer since the number of sites that support encrypted connections will double (from 2 million currently).

The certificates provisioned by CloudFlare will include one for the root domain and a wildcard for all first-level subdomains. However, the company noted that only traffic between the Web browser and CloudFlare will be encrypted, not the one between CloudFlare and the origin server. Website owners who want to ensure that traffic is encrypted all the way will have to install a certificate on their Web server.

Due to issues such as CPU load and IPv4 exhaustion, Universal SSL works only on modern browsers in the case of free customers. Fortunately, CloudFlare has determined that 80% of requests come from modern browsers. According to the company, the most problematic legacy browsers are the ones that ship with Android versions prior to Ice Cream Sandwich and Internet Explorer running on Windows XP or older versions of the Microsoft operating system. Customers who pay for CloudFlare services don’t have to worry about this aspect since paid plans support legacy browsers as well.

In an effort to get all users to migrate to modern browsers, CloudFlare encourages its customers to install the “A Better Browser” app on their websites. The app detects if the site is visited from an old browser and displays a banner advising users to upgrade the software.

CloudFlare has also pointed out that website owners don’t have to worry about their ability to accept unencrypted traffic once Universal SSL is activated. HTTP will continue to work as before, the company said.

“One additional benefit of Universal SSL is it allows us to broadly support of the SPDY protocol which requires an encrypted connection. SPDY improves web performance in a number of ways […]. All CloudFlare customers will, by the end of the day today, also have SPDY enabled by default — massively increasing the size of the SPDY universe,” Matthew Prince, CEO and co-founder of CloudFlare explained in a blog post.

 Earlier this month, CloudFlare announced the introduction of keyless SSL, a feature that allows websites to take advantage of the company’s solutions without having to hand over their precious private SSL keys.