Days of an Unencrypted Internet are Coming to an End
Cloudflare is the first to support capabilities that expand the reach and speed of the encrypted web
San Francisco, CA, September 20th, 2016 — Cloudflare, the leading Internet performance and security company, today announced that three new encryption features have been added to its network: TLS 1.3, Opportunistic Encryption, and Automatic HTTPS Rewrites.
“Cloudflare is putting an end to the unencrypted Internet,” said Matthew Prince, co-founder & CEO of Cloudflare. “We are the first to support the fastest and most secure Internet protocol, TLS 1.3, and to help virtually eliminate the problem of ‘mixed content’ that has plagued companies trying to go secure.”
TLS 1.3: Supporting the Turbocharged Encrypted Internet
Starting today, Internet connections that use Cloudflare have the most secure and fastest encryption possible: TLS 1.3. This new protocol eliminates attacks that work against the previous version, 1.2, and makes encrypted connections just as fast as unencrypted ones. With TLS 1.3, the unencrypted Internet becomes an anachronism.
“This update, the first since 2008, is a major overhaul that provides both increased security and enhanced speed, especially on mobile networks,” said Nick Sullivan, head of cryptography at Cloudflare. “TLS 1.3 improves request speeds by requiring one less round-trip to connect to an Internet application, compared to previous versions, and can make connections over 20 percent faster.”
Mozilla Firefox and Google Chrome currently offer preliminary versions of TLS 1.3, with all major browsers committed to implementing the protocol in the future. “Cloudflare, Mozilla, and others have made implementing TLS 1.3 a priority,” said Eric Rescorla, Mozilla Fellow and editor of the TLS 1.3 specification. “In doing so, we’ve set the stage for a faster and more secure web.”
Automatic HTTPS Rewrites: Instantly Upgrading Insecure Content to Secure Content
Two years ago Cloudflare introduced Universal SSL—free, unrestricted SSL for everyone. Despite the availability of unrestricted SSL, some web properties were still unable to go secure because of ‘mixed content’ problems. Automatic HTTPS Rewrites eliminates the mixed content problem.
If a secure site references insecure content, such as third-party images, video, or ads, it is no longer secure and web browsers won’t show a green lock icon for the site. Automatic HTTPS Rewrites upgrades all insecure content on a page, ensuring that it is encrypted, and reinstates the green lock.
“There has been a crazy chicken-and-egg problem holding up the deployment of secure encryption on the web,” said Peter Eckersley, chief computer scientist at the Electronic Frontier Foundation and co-founder of the Let's Encrypt project. “Browsers tried to protect users by blocking insecure parts of secure HTTPS pages, but that made it impossible to deploy encryption incrementally. Cloudflare’s new Automatic HTTPS Rewrites will help sites encrypt everything all at once, and fix this deadlock in web security.”
Opportunistic Encryption: HTTP Gets Encrypted
Web properties stuck using the unencrypted web expose their users to attacks and don’t benefit from the dramatic speedups from HTTP/2. Cloudflare’s Opportunistic Encryption brings encryption and the fastest web protocol, HTTP/2, to sites that have yet to upgrade to SSL, by encrypting the connection between the browser and Cloudflare.
Cloudflare is the only global platform that supports Opportunistic Encryption, and Mozilla Firefox is the first browser to support it. “Opportunistic Encryption will help encryption reach more of the web, but it’s up to browsers and platforms to support this emerging standard,” said Patrick McManus, principal engineer at Mozilla and lead developer of the Firefox HTTP stack.
No Excuses to Stay Unencrypted
“Cloudflare has continued to push the envelope when it comes to encrypting the Internet for all. Two years ago we were the first to deliver free Universal SSL for all of our customers—doubling the size of the encrypted web in 24 hours. Later we announced support for the next generation Internet protocols SPDY and HTTP/2, followed by free and performant encryption to the origin for Cloudflare customers with Origin CA,” said Dr. John Graham-Cumming, CTO of Cloudflare. “Now we are working to deprecate the unencrypted web. There are no longer any reasons to stay unencrypted.”
To learn more about TLS 1.3 and how Cloudflare is expanding the encrypted web, please check out the additional resources below: