14 DAY TRIAL // Encryption has become the go-to solution in the fight against mass surveillance ever since the NSA files have gone public thanks to Edward Snowden. More and more services are rolling out encryption options and doing their best to lock down data within their own servers, including Google, Yahoo, and more.
CloudFlare, a company that provides a content delivery network and distributed domain name server, has decided to release Universal SSL.
“Beginning today, we will support SSL connections to every CloudFlare customer, including the 2 million sites that have signed up for the free version of our service,” the company announced.
Universal SSL is already being rolled out to all customers of the company and the process should be done shortly. CloudFlare claims that there were about 2 million sites active on the Internet that supported encrypted connections, but the number would double with its help.
New customers will also benefit from the security upgrade, although the company states that it could take up to 24 hours after signing up for the free plan before Universal SSL is activated. Paid plans will be provisioned instantly upon sign up.
SSL certificates for everyone
An SSL certificate on CloudFlare’s network will be provisioned for all customers. This will accept HTTPS connections for a customer’s domain and subdomains. The certificates include an entry for the root domain and a wildcard entry for all first-level subdomains.
“For a site that did not have SSL before, we will default to our Flexible SSL mode, which means traffic from browsers to CloudFlare will be encrypted, but traffic from CloudFlare to a site's origin server will not. We strongly recommend site owners install a certificate on their web servers so we can encrypt traffic to the origin,” the company states.
Different security levels allow the company to connect to the website host using no encryption, a self-assigned certificate, or a verified certificate, depending on what the administrator desires.
The company also mentioned that it would be limiting Universal SSL support to modern browsers for free customers, which include support for ECDSA, as well as an extension to the SSL protocol called Server Name Indication (SNI). The issue of people using dated web browsers is nowhere near new and it expands to quite a few countries around the world, with the problem varying in intensity from one area to another.
Customers that are paying for CloudFlare’s service will be getting SSL support for both modern and legacy browsers.