Geekzone: technology news, blogs, forums
gzt

11672 posts

Uber Geek

Lifetime subscriber

#153555 30-Sep-2014 21:08

What does Cloudflare's SSL announcement mean for sites like Geekzone?

This morning we began rolling out the Universal SSL across all our current customers. We expect this process to be complete for all current customers before the end of the day. Yesterday, there were about 2 million sites active on the Internet that supported encrypted connections. By the end of the day today, we'll have doubled that.

https://blog.cloudflare.com/introducing-universal-ssl/



timmmay
16512 posts

Uber Geek

Trusted
Subscriber

  #1144549 30-Sep-2014 21:32

Interesting... so they'll enable SSL for every customer's website, even without an SSL certificate? Ah, it's SSL to Cloudflare, then http the rest of the way. That seems kind of pointless.

ripdog
486 posts

Ultimate Geek

Subscriber

  #1144555 30-Sep-2014 21:38

Optionally you can do http between CF and your server, to make it easy for newbies. This doesn't make it 'pointless', it just means it's not as good as it could be. And I'd imagine it'd be a lot harder to intercept connections between CF and servers than it would be to sniff traffic on that malware-laden WinXP box connecting to CF.

If you care about security, CF also allows you to connect via HTTPS to the backend, optionally validating the SSL cert. In the future they will let you generate internal CF SSL certs in the Web UI and install them on your web server, providing end-to-end security with little hassle.

 
 
 
 


hio77
'That VDSL Cat'
12607 posts

Uber Geek

Trusted
Subscriber

  #1144558 30-Sep-2014 21:44

Was reading this morning before a catnap... will be interesting to see if/how many people have issues with lack of ECDSA support, looking at the stats it's likely a null issue, but regardless.

Be good to see SPDY out there a lot more, although for GZ I could see this not being SO important.


My one concern is companies who will use this as a cheap way to avoid buying their own SSL certs, or it being a common tool for phishing sites to look more legitimate. - How many people do you know that look for the padlock to know they are ok with banking now?






#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


ripdog
486 posts

Ultimate Geek

Subscriber

  #1144559 30-Sep-2014 21:48

StartSSL already offers free certs with basically no verification. You type in your info, a staff member looks at it and gives you the okay. You get a cert. There already isn't a barrier for phishers, this move is only a good thing for getting amateur websites on SSL incredibly easily. More encryption is only a good thing.

Admittedly, this does make CF into a gigantic MITM attack. Well, it always was when it processed SSL on paid plans (AFAIK), so if you want to keep your data safe from the government, stick to self-hosting a hidden service on tor.

freitasm
BDFL - Memuneh
68817 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #1144563 30-Sep-2014 22:02

We use Cloudflare Pro and have had the site SSL-enabled for years (even before using Cloudflare), where it is necessary - login, registration, profile, image gallery and most importantly the PM part. We adopted SSL for the PM part mainly because a lot of telcos use the PMs to talk to customers and also our users need a bit of privacy when exchanging their private messages.

If you go to any of those pages using Chrome and the right add-ons you will see that all those pages are served over SPDY, since this was enabled on Cloudflare Pro already.

What does it mean for Geekzone now? Nothing changes. 





 

 



timmmay
16512 posts

Uber Geek

Trusted
Subscriber

  #1144712 1-Oct-2014 11:05

So can free plan Cloudflare customers use SSL no charge if they have an SSL certificate?

ripdog
486 posts

Ultimate Geek

Subscriber

  #1144802 1-Oct-2014 12:52

No need for a cert. Cloudflare give you a free Comodo cert. Well, you can't export it, but it's free for the life of your Cloudflare account.

 
 
 
 


timmmay
16512 posts

Uber Geek

Trusted
Subscriber

  #1144821 1-Oct-2014 13:50

Ah cool. Their documentation is a bit widely spread and not so concise.

mattwnz
16831 posts

Uber Geek


  #1144865 1-Oct-2014 14:50

If you are using it with shared hosting, wouldn't you still need a dedicated IP which shared hosts will charge you for? Also many will charge a setup fee to install at the server end. 

ripdog
486 posts

Ultimate Geek

Subscriber

  #1144881 1-Oct-2014 14:53

mattwnz: If you are using it with shared hosting, wouldn't you still need a dedicated IP which shared hosts will charge you for? Also many will charge a setup fee to install at the server end. 


No, that's what Server Name Indication is for. As long as you have a decently modern http server and browsers connecting.

mattwnz
16831 posts

Uber Geek


  #1144892 1-Oct-2014 15:25

ripdog:
mattwnz: If you are using it with shared hosting, wouldn't you still need a dedicated IP which shared hosts will charge you for? Also many will charge a setup fee to install at the server end. 


No, that's what Server Name Indication is for. As long as you have a decently modern http server and browsers connecting.


It would still need installing by the server admin wouldn't it, which usually costs?

ripdog
486 posts

Ultimate Geek

Subscriber

  #1145385 2-Oct-2014 09:58

mattwnz:
ripdog:
mattwnz: If you are using it with shared hosting, wouldn't you still need a dedicated IP which shared hosts will charge you for? Also many will charge a setup fee to install at the server end. 


No, that's what Server Name Indication is for. As long as you have a decently modern http server and browsers connecting.


It would still need installing by the server admin wouldn't it, which usually costs?


Nothing needs to be installed to use Cloudflare. Simply switch your DNS to point at Cloudflare servers (after signing up, of course :)).

If you're talking about the certs that Cloudflare will offer *in the future* for CF->backend SSL, then yes, you're right. The current CF->client certs are being provisioned completely automatically.

In the meantime you can make a self-signed cert or a free StartSSL cert for securing CF->backend.

timmmay
16512 posts

Uber Geek

Trusted
Subscriber

  #1145399 2-Oct-2014 10:03

Every time I try to go to the https version of my site that's in cloudflare I get certificate warnings.

hio77
'That VDSL Cat'
12607 posts

Uber Geek

Trusted
Subscriber

  #1145401 2-Oct-2014 10:06

timmmay: Every time I try to go to the https version of my site that's in cloudflare I get certificate warnings.


For what reason are there warnings? Your browser should tell you..





 


ripdog
486 posts

Ultimate Geek

Subscriber

  #1145403 2-Oct-2014 10:11

Those warnings mean your cert has not yet been provisioned. If in doubt, read the blog...
