Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
Does this mean CloudFlare's free ssl is coming monday?
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Does this mean CloudFlare's free ssl is coming monday?

By the looks of it they are announcing the free ssl on monday. If its not that I don't know what it could be, though I do know I can't log into my account because of a database error :)

blog.cloudflare.com/celebrating-cloudflares-4th-birthday/

Comments

  • Most likely yes :)

    I ❤ Laravel

  • Especially when you read the first letter of each paragraph as a sentence :)

  • First letter of each paragraph:

    SSL TLS FREE

    Thanked by 2netomx Dylan
  • @Edouard said:
    Especially when you read the first letter of each paragraph as a sentence :)

    Didn't even noticed that, when they said there is a clue they really meant it :)

  • Its going to be a long queue, hope to get ssl enabled for my domain asap, eagerly waiting for it.

  • So apparently (for those who can't wait) CloudFlare's description of the free SSL offer leaked a couple of days ago. If you google "Does CloudFlare's free SSL have limitations?" (the title of the article) you can still see an abstract on google:
    "Since CloudFlare's Universal SSL works off of SNI (Server Name Indication), some older browsers will not work properly with the free SSL"

    However the page is down now so we can't read the whole article, it has also been pulled from Google's cache.

    I think this is a good news for people who care about security and would like to remain in control of the encryption End-To-End. Not such a good news for those hoping for a "free certificate".

  • @elwebmaster said:
    So apparently (for those who can't wait) CloudFlare's description of the free SSL offer leaked a couple of days ago. If you google "Does CloudFlare's free SSL have limitations?" (the title of the article) you can still see an abstract on google:
    "Since CloudFlare's Universal SSL works off of SNI (Server Name Indication), some older browsers will not work properly with the free SSL"

    However the page is down now so we can't read the whole article, it has also been pulled from Google's cache.

    I think this is a good news for people who care about security and would like to remain in control of the encryption End-To-End. Not such a good news for those hoping for a "free certificate".

    Interesting, the page must still exist because I get an authorized message. But when you change the ID you get a 404 not found.

    Like changing 203274000 to 203274001 and anything else causes a 404.

  • CFarenceCFarence Member
    edited September 2014

    Double post

  • It's like that you are protected by tls from others but CloudFlare still owns the certs so they can still read your traffic. But well, it's needed for cloudflare how else they are going to protect you from malicious request,...
    Anyway, it's good to see that cf is going to do that...(Has it been confirmed yet?)

    [REF] Get $10 for Free - DigitalOcean - Click Here - 2 Months Credit

  • I can't wait to try their SSL with my LES boxes.> @duyan13 said:

    It's like that you are protected by tls from others but CloudFlare still owns the certs so they can still read your traffic. But well, it's needed for cloudflare how else they are going to protect you from malicious request,...
    Anyway, it's good to see that cf is going to do that...(Has it been confirmed yet?)

    That's not how SNI works. They just look at the domain and forward encrypted traffic to your IP. You own your cert and key. The way it protects you is by tunneling all traffic through their infrastructure, but it's encrypted end to end. The drawback is it doesn't work with Windows XP and some other older systems.

  • @elwebmaster said:
    I can't wait to try their SSL with my LES boxes.> duyan13 said:
    That's not how SNI works. They just look at the domain and forward encrypted traffic to your IP. You own your cert and key. The way it protects you is by tunneling all traffic through their infrastructure, but it's encrypted end to end. The drawback is it doesn't work with Windows XP and some other older systems.

    I am not sure sure. As far as I understand the keyless ssl article the cloudflare proxy will contact a key server which contains your private key. It request a session key so that key will be used for encryption and decryption. So cloudflare can decrypt your traffic in that way. I am not sure if they have different types of ssl implementations though. They also might introduce a proxy based on tls's sni feature...
    But I an not sure if they will proxy the encrypted traffic since that's not what cloudflare is for.

    [REF] Get $10 for Free - DigitalOcean - Click Here - 2 Months Credit

  • yywudiyywudi Member
    edited September 2014

    @duyan13 said:

    there're 3 kinds of SSL supported in CloudFlare, I'm not sure which one will be free for all customers, or full feature free.
    https://support.cloudflare.com/hc/en-us/articles/200170416

  • Yeah it's coming! I'm waiting for the activaton of my free plan...

  • kkrajkkkrajk Member
    edited September 2014

    The certificate is only valid for the following names: ssl2000.cloudflare.com, *.redpitt.mobi, redpitt.mobi, cloudflare.com, *.cloudflare.com (Error code: ssl_error_bad_cert_domain)

    does this mean, I still need to get a SSL cert for my domain?

    EDIT - Just found this

    For a site that did not have SSL before, we will default to our Flexible SSL mode, which means traffic from browsers to CloudFlare will be encrypted, but traffic from CloudFlare to a site's origin server will not. We strongly recommend site owners install a certificate on their web servers so we can encrypt traffic to the origin. Later today we'll be publishing a blog with instructions on how to do that at no cost. Once you've installed a certificate on your web server, you can enable the Full or Strict SSL modes which encrypt origin traffic and provide a higher level of security.

  • CFarenceCFarence Member
    edited September 2014

    @ez2uk
    I saw that too, I thought the article said they will be issuing a certificate for our domains.

  • If you have an SSL cert on the web server then you get full SSL; else they are giving the impression a user has SSL between user and CF but its still open from CF > Host.

    How nice of them to mass MITM sites.

    Taking a hiatus.

  • @wych said:
    If you have an SSL cert on the web server then you get full SSL; else they are giving the impression a user has SSL between user and CF but its still open from CF > Host.

    How nice of them to mass MITM sites.

    i think we just need to issue a self-signed cert and get the full SSL with CF, no need to buy another one, am i wrong?

  • Yes, I think so

  • Does this mean they are going to be able to grab all communications between their servers and their clients'?

    I recommend Prometeus, the best provider ever!

  • PcJamesyPcJamesy Member
    edited September 2014

    Hum where did i mess this up?

    You attempted to reach (my domain), but instead you actually reached a server identifying itself as ssl2000.cloudflare.com.

    Edit: Might be a DNS fully propagated issue.

  • I can't even enable the flexible SSL option, says it's not an option on my free plan. Though I did get a notification signing in that SSL has been enabled

  • It's a gradual rollout over the day:

    "This morning we began rolling out the Universal SSL across all our current customers. We expect this process to be complete for all current customers before the end of the day."

  • Free SSL true but no free verified SSL certificated with green lock. As the ssl is signed for cloudflare domain.

    M B

    Sentora 1.0 released // Open source control panel
    http://forums.sentora.org/showthread.php?tid=953

  • @Me_B said:
    Free SSL true but no free verified SSL certificated with green lock. As the ssl is signed for cloudflare domain.

    M B

    Certificate provisioning is taking longer than they thought it would:

    https://blog.cloudflare.com/universal-ssl-be-just-a-bit-more-patient/

Sign In or Register to comment.