/plushcap/analysis/cloudflare/globalsign-cloudflare-hacking-ssl

Globalsign, CloudFlare & Hacking SSL

What's this blog post about?

CloudFlare has partnered with GlobalSign to support SSL connections through their network. However, due to allegations of a hacker compromising GlobalSign, the company has temporarily suspended issuing certificates and delayed new SSL service establishment with CloudFlare. The risks associated with this compromise include potential identity theft and on-path attacks. To rebuild trust, browser vendors may update the list of CAs they trust and drop trust for compromised root certificates. If GlobalSign was indeed compromised, CloudFlare will reissue new SSL certificates for all its users automatically. The incident has delayed the rollout of significant improvements to the SSL issuance process but reassures that no matter the outcome, it will continue providing secure SSL solutions.

Company
Cloudflare

Date published
Sept. 8, 2011

Author(s)
Matthew Prince

Word count
1359

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.