TLS Certificate Optimization: The Technical Details behind "No Browser Left Behind"
Cloudflare has implemented a "no browser left behind" initiative, serving over 500 billion SHA-1 certificates to visitors who otherwise would not have been able to communicate securely over HTTPS with its customers' sites. The company continues to present newer SHA-2 certificates to modern browsers using the latest in elliptic curve cryptography. Cloudflare has developed a logic tree for determining which certificate to present and, relatedly, which cipher suite to use during the SSL/TLS handshake. This logic takes into account factors such as the plan type, the presence of the signature_algorithm extension, the specific signature_algorithms offered, the shared cipher suites, the server_name_indication extension, and the Legacy Browser Support setting in the Cloudflare dashboard.
Company: Cloudflare
Date published: March 23, 2016
Author(s): Patrick R. Donahue
Word count: 2723
Language: English
Hacker News points: 21