The web infrastructure company CloudFlare will help websites enable SSL encryption, offering free and easy encryption to all of its customers.
Revelations about government snooping and Google’s decision to prioritize sites with encryption turned on in its search results have given SSL a big push.
According to CloudFlare, because of cost and complexity, fewer than 0.4% of websites were encrypted before Monday.
In a release, Nick Sullivan, Security Engineering Lead at CloudFlare, said, “We didn’t just enable basic SSL for free, we enabled cutting-edge cryptography and made it free and easy for anyone.”
“The cryptographic systems we’re rolling out as part of Universal SSL are a generation ahead of what is used by even the top Internet giants. These certificates use elliptic curve digital signature algorithm (ECDSA) keys, ensuring all connections with CloudFlare sites have Perfect Forward Secrecy, and they are signed with ECDSA and the highly secure SHA-256 hash function. This is a level of cryptographic security most web administrators literally couldn’t buy.”
Setting up the feature is not complex. The company will issue a Secure Sockets Layer (SSL) certificate “within 24 hours.” Once the certificate is available, all Internet connectivity between the server and the user can be encrypted. CloudFlare will publish a blog post with instructions.
For sites that did not previously have SSL, CloudFlare will use its Flexible SSL mode by default. This default mode encrypts the traffic from browsers to CloudFlare, but not the traffic from CloudFlare to a site’s server.
CloudFlare CEO Matthew Prince said that the service will nearly double the number of websites on the Internet protected by SSL. “Yesterday there were about 2 million SSL-enabled sites active online,” he said. “By the end of the day today, CloudFlare will have rolled out free SSL to another 2 million.”
CloudFlare’s SSL technology isn’t universally supported. It relies on Server Name Indication (SNI), an extension to the TLS encryption standard that is supported by 80% of web browsers.
In a statement, Matthew Prince said, “We also have plans to expand the universe of supported browsers slightly by taking advantage of connections that arrive over IPv6 for browsers that don’t support SNI. About 16% of unique IP addresses that connect to CloudFlare do so via IPv6 (note: that calculation takes only the first 8 bytes as unique in any IPv6 address connecting to our network). Since IPv6 addresses are virtually infinite, we don’t have the same limitations as we do with IPv4 and can therefore return a unique certificate for every IPv6 address.”
Universal SSL has the additional advantage of supporting the SPDY protocol, which requires an encrypted connection. SPDY improves web performance in a number of ways, such as speeding up web traffic by minimizing latency.
To get support for all browsers, users first need to sign up for CloudFlare Pro (which costs from US$20 per month), Business or Enterprise.