CloudFlare Updates Encryption to Thwart NSA

On Thursday, the cloud-hosting website CloudFlare announced it would be changing all of its data center encryption links from SSL to TLS, effective immediately. Short for full (or strict) transport layer security, TLS is capable of querying several certificate authorities before sending data between two points, as opposed to the older system, which could only request one per stream at best.

Relying on SSL left the cloud computing company vulnerable to standard man-in-the-middle attacks, which several leaks have already proven are not difficult for the US government to pull off when they really put their minds and manpower to the task.

The transition to TLS means whatever is transmitted between CloudFlare’s data centers will now be independently analyzed and verified by different agencies before leaving or landing on either party’s hard drive.

On top of that, TLS is also capable of checking the strength of the list it uses to check the validity of the data, doubling up on its ability to stay secure and to resist any attempts by hackers to elude the verification system or create a smokescreen that would leave the system temporarily blind.

This effort is similar to what we’ve seen from Microsoft and Google over the past several months, both of which have been making concerted efforts to improve the level of security on the fiber optic links between their data farms, and to prevent the NSA from easily plucking up whatever information it thinks is important with impunity.

CloudFlare was also kind enough to post the source code for their new and improved TLS-ready servers, inviting any other companies running an Nginx web server to utilize the same framework and keep the government snoops on the outside looking in, where they belong.