/plushcap/analysis/cloudflare/tls-certificate-optimization-technical-details

TLS Certificate Optimization: The Technical Details behind "No Browser Left Behind"

What's this blog post about?

Cloudflare has implemented a "no browser left behind" initiative, serving over 500 billion SHA-1 certificates to visitors who otherwise would not have been able to communicate securely with their customers' sites using HTTPS. The company continues to present newer SHA-2 certificates to modern browsers using the latest in elliptic curve cryptography. Cloudflare has developed a logic tree for determining which certificate to present and, relatedly, which cipher suite to use during the SSL/TLS handshake process. This logic takes into account various factors such as plan type, presence of signature_algorithm extension, specific signature_algorithms, shared cipher suites, server_name_indication extension, and Legacy Browser Support settings in the Cloudflare dashboard.

Company
Cloudflare

Date published
March 23, 2016

Author(s)
Patrick R. Donahue

Word count
2723

Language
English

Hacker News points
21


By Matt Makai. 2021-2024.