Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Cloudflare announce keyless SSL
New on LowEndTalk? Please Register and read our Community Rules.

Cloudflare announce keyless SSL

https://blog.cloudflare.com/announcing-keyless-ssl-all-the-benefits-of-cloudflare-without-having-to-turn-over-your-private-ssl-keys/

Cloudflare says they can provide service to you with SSL without your private key. It sounds to me like a IPSEC/GRE tunnel to your server.

Thanked by 2netomx JustJon

Designers: www.linkun.info

Comments

  • It is a really cool concept but you should read there post fully the put a pretty accurate descrion of it

  • ChuckChuck Member
    edited September 2014

    Next news. Google buys Cloudflare? Looks like every tech company doing good job will be bought by Google.

    Thanked by 1netomx

    I like what she said, not what it means.

  • @Chuck said:
    Next news. Google buys Cloudflare? Looks like every tech company doing good job will be bought by Google.

    Doesn't looks like Google. Maybe OVH

    Designers: www.linkun.info

  • @wojons said:
    It is a really cool concept but you should read there post fully the put a pretty accurate descrion of it

    At first, I read it on my phone. Couldn't really see the picture. Later, when I look at the picture clearly, I understand what they are doing. But still curious, could Cloudflare know too much about the encrypted content?

    Thanked by 1netomx

    Designers: www.linkun.info

  • I would imagine with regards the encrypted content they know the source and destination, if your paranoid it would be possible to sniff the unencrypted traffic.

    It's nothing but a Joncept!

  • dnwkdnwk Member
    edited September 2014

    What does the SSL premaster and Session Key used for? These two information is what Cloudflare have unencrypted according to the flow chat

    Designers: www.linkun.info

  • Does not look like a revolutionary thing. They simply extend the chain and put the padlock in the premises of the customer so the customer can keep the key private.

    Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

  • I would do that using this for sure.

    Are you in need of an urgent help? 10 minutes response time!
    EmergencySupport - Professional Server Management and R1Soft Backup Services

  • duyan13duyan13 Member
    edited September 2014

    But how they are going to prevent Layer 7 based attacks....Since they can't inspects the data packets without decrypting them ?

    [REF] Get $10 for Free - DigitalOcean - Click Here - 2 Months Credit

  • MaouniqueMaounique Member
    edited September 2014

    duyan13 said: Layer 7 based attacks

    That is a broad range of possible attacks. depending on what you have in mind, there are ways. The only way that could be compromised is through compromising the machine running the webfront and the actual ssl stack or somehow hijuacking the IP if the admins are really stupid and only use IP based ACLs.
    It is entirely possible a scenario with a compromised web server, but, again, that can happen even if the server is located at home, in the basement, a special safe room with Fort Knox like guarding or even a spaceship orbiting the earth.

    Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

Sign In or Register to comment.