CloudFlare tackles unencrypted internet with new features

The company says that there will no longer be any excuse to remain unencrypted online.
Written by Charlie Osborne, Contributing Writer

CloudFlare has launched three new encryption features on the firm's network to improve internet security.

On Tuesday, the San Francisco, CA-based company said that the new features (TLS 1.3, Opportunistic Encryption, and Automatic HTTPS Rewrites) will "put an end" to the unencrypted internet and streamline the transition from unencrypted to encrypted for businesses looking to make the shift.

The first upgrade is to CloudFlare's overall encryption selection, which is now upgraded to Transport Layer Security (TLS) version 1.3. TLS, the successor to the Secure Sockets Layer (SSL) protocol, is now at version 1.3, which eliminates attacks that were effective against version 1.2 and also speeds up connections between browsers and servers.

"This update, the first since 2008, is a major overhaul that provides both increased security and enhanced speed, especially on mobile networks," said Nick Sullivan, head of cryptography at CloudFlare. "TLS 1.3 improves request speeds by requiring one less round-trip to connect to an internet application, compared to previous versions, and can decrease page load times by 20 percent."

Mozilla Firefox and Google Chrome currently support TLS 1.3, and other browsers have committed to implementing the protocol in the future.

The second feature due to be added to CloudFlare's network is opportunistic encryption. In order to speed up and better secure online communications, the company will now use HTTP/2 and encrypt the connection between browsers and CloudFlare when users visit websites which are yet to upgrade to SSL.

This feature is supported by Mozilla Firefox, but Patrick McManus, principal engineer at Mozilla, says "it's up to browsers and platforms to support this emerging standard."

The final improvement to CloudFlare's network is Automatic HTTPS Rewrites, which relates to CloudFlare's Universal SSL scheme launched two years ago. The project offered webmasters free, unrestricted SSL, but some website operators were unable to take advantage of the offering due to "mixed content" -- references to third-party content, such as ads, video, images, and so on.

When a page served over HTTPS loads such content over unencrypted HTTP, the website is no longer considered secure. However, Automatic HTTPS Rewrites will upgrade insecure content on a page to make sure websites are given the "green lock" of approval.
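To make the mixed-content problem concrete, the following added example (not CloudFlare's code and not part of the original article) scans a page for subresources loaded over plain HTTP and rewrites only those whose host is on a list of HTTPS-capable hosts. The host list, the function names and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical allowlist: hosts assumed to serve the same content over HTTPS.
HTTPS_CAPABLE = {"cdn.example.com", "video.example.net"}

# Tags that load a subresource into the page, and the attribute holding its URL.
# <a href> is navigation, not a subresource, so it is not mixed content.
SUBRESOURCE = {"script": "src", "img": "src", "iframe": "src", "video": "src",
               "audio": "src", "source": "src", "link": "href"}

class MixedContentFinder(HTMLParser):
    """Collects http:// subresource URLs found in an HTML document."""
    def __init__(self):
        super().__init__()
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if SUBRESOURCE.get(tag) == name and value \
                    and urlsplit(value).scheme.lower() == "http":
                self.insecure.append(value)

def upgrade(url):
    """Return the https:// form of url if its host is allowlisted, else None."""
    parts = urlsplit(url)
    if parts.hostname in HTTPS_CAPABLE:
        return parts._replace(scheme="https").geturl()
    return None

def rewrite_page(html):
    """Rewrite upgradable references; return (new_html, still_insecure_urls)."""
    finder = MixedContentFinder()
    finder.feed(html)
    remaining = []
    for url in finder.insecure:
        secure = upgrade(url)
        if secure:
            # Simplification: only double-quoted attribute values are replaced.
            html = html.replace(f'"{url}"', f'"{secure}"')
        else:
            remaining.append(url)  # left as-is: the host may not offer HTTPS
    return html, remaining

# Constructed sample page, as it would be served over HTTPS.
SAMPLE = '''<html><body>
<img src="http://cdn.example.com/logo.png">
<script src="http://ads.example.org/ad.js"></script>
<a href="http://example.com/about">About</a>
</body></html>'''
```

URLs returned in the second value still trigger the browser's mixed-content handling and need a fix at the source, since blindly rewriting a host that does not serve HTTPS would break the resource.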

John Graham-Cumming, chief technology officer at CloudFlare, commented:

"CloudFlare has continued to push the envelope when it comes to encrypting the Internet for all. Two years ago we were the first to deliver free Universal SSL for all of our customers -- doubling the size of the encrypted web in 24 hours.
Later we announced support for the next generation Internet protocols SPDY and HTTP/2, followed by free and performant encryption to the origin for CloudFlare customers with Origin CA. Now we are working to deprecate the unencrypted web. There are no longer any reasons to stay unencrypted."

In April, the company turned on HTTP/2 Server Push to shave website loading times, with an estimated loading speed improvement of 15 percent for your average domain.
