New "Lucky Thirteen" SSL Vulnerabilities: CloudFlare Users Protected

On February 4, 2013, a new SSL vulnerability known as the Lucky Thirteen was announced. Although TLS 1.1/1.2 do not fix this issue, it is theoretically difficult to exploit and requires creating numerous connections and measuring timing differences. CloudFlare's default SSL configuration protects against this attack by deprioritizing the vulnerable cipher. To ensure protection from the new vulnerability, users should upgrade their OpenSSL or NGINX versions when a patch is released and prioritize the RC4 cipher in their web server settings.