<!DOCTYPE html><html lang="en-us" dir="ltr">
<head>
<!-- charset is declared first so the parser fixes the encoding before any script or text; the original placed it after the consent script -->
<meta charset="UTF-8">
<!-- Cookie-consent (OneTrust) stub served from a Cloudflare-controlled host. No `integrity` attribute is possible on a vendor stub that updates itself; the compensating control is a CSP `script-src` that pins this origin, which this document does not set (it may be delivered as a response header). The `data-domain-script` value is a public OneTrust tenant id, not a secret. -->
<script async src="https://ot.www.cloudflare.com/public/vendor/onetrust/scripttemplates/otSDKStub.js" data-document-language="true" data-domain-script="b1e05d49-f072-4bae-9116-bdb78af15448"></script>
<meta name="HandheldFriendly" content="True">
<!-- single viewport declaration: the original carried two, and browsers honour the last one, so this is the value that was actually in effect. The legacy X-UA-Compatible meta was dropped; no supported browser honours it. -->
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="baidu-site-verification" content="KeThzeyMOr">
<meta name="baidu-site-verification" content="code-NIlrS7gNhx">
<meta name="description" content="Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better Internet.">
<title>Chrome</title>
<meta name="title" content="Chrome">
<meta name="msvalidate.01" content="CF295E1604697F9CAD18B5A232E871F6">
<meta class="swiftype" name="language" data-type="string" content="en">
<!-- first-party script loaded synchronously (render-blocking); referrerpolicy="origin" strips the path from the Referer sent when fetching it -->
<script src="/static/z/i.js" referrerpolicy="origin"></script>
<!-- NOTE(review): every icon link below points at the same 32x32 PNG. apple-touch-icon declares 180x180, and mask-icon is only honoured for a monochrome SVG, so both are ignored or upscaled; supply real assets rather than widening these declarations -->
<link rel="apple-touch-icon" sizes="180x180" href="/images/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-32x32.png">
<link rel="mask-icon" href="/images/favicon-32x32.png" color="#f78100">
<link rel="stylesheet" href="/themes/ashes.min.css">
<link rel="sitemap" href="/sitemap.xml">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="theme-color" content="#ffffff">
<link rel="canonical" href="https://blog.cloudflare.com/tag/chrome/">
<link rel="alternate" type="application/rss+xml" title="Cloudflare Chrome RSS Feed" href="/tag/chrome/rss">
<link rel="alternate" hreflang="en-us" href="https://blog.cloudflare.com/tag/chrome/">
<link rel="alternate" hreflang="ko-kr" href="https://blog.cloudflare.com/ko-kr/tag/chrome/">
<link rel="alternate"
hreflang="zh-tw" href="https://blog.cloudflare.com/zh-tw/tag/chrome/"><link rel="alternate" hreflang="zh-cn" href="https://blog.cloudflare.com/zh-cn/tag/chrome/"><!-- General Meta Tags --><meta property="article:publisher" content="https://www.facebook.com/cloudflare"><!-- Facebook Meta Tags --><meta property="og:site_name" content="The Cloudflare Blog"><meta property="og:type" content="website"><meta property="og:title" content="The Cloudflare Blog: Chrome"><meta property="og:description" content="Collection of Cloudflare blog posts tagged 'Chrome'"><meta property="og:url" content="https://blog.cloudflare.com/tag/chrome/"><meta property="og:image:width" content="1200"><meta property="og:image:height" content="628"><!-- Twitter/X Meta Tags --><meta name="twitter:title" content="The Cloudflare Blog: Chrome"><meta name="twitter:description" content="Collection of Cloudflare blog posts tagged 'Chrome'"><meta name="twitter:url" content="https://blog.cloudflare.com/tag/chrome/"><meta name="twitter:card" content="summary_large_image"><meta name="twitter:site" content="@cloudflare"><meta property="og:image"><meta name="twitter:image"><link rel="stylesheet" href="/_astro/index.Bpd2cWaZ.css"></head><style>astro-island,astro-slot,astro-static-slot{display:contents}</style><script>(()=>{var e=async t=>{await(await t())()};(self.Astro||(self.Astro={})).only=e;window.dispatchEvent(new Event("astro:only"));})();;(()=>{var A=Object.defineProperty;var g=(i,o,a)=>o in i?A(i,o,{enumerable:!0,configurable:!0,writable:!0,value:a}):i[o]=a;var d=(i,o,a)=>g(i,typeof o!="symbol"?o+"":o,a);{let i={0:t=>m(t),1:t=>a(t),2:t=>new RegExp(t),3:t=>new Date(t),4:t=>new Map(a(t)),5:t=>new Set(a(t)),6:t=>BigInt(t),7:t=>new URL(t),8:t=>new Uint8Array(t),9:t=>new Uint16Array(t),10:t=>new Uint32Array(t),11:t=>1/0*t},o=t=>{let[l,e]=t;return l in i?i[l](e):void 0},a=t=>t.map(o),m=t=>typeof t!="object"||t===null?t:Object.fromEntries(Object.entries(t).map(([l,e])=>[l,o(e)]));class y extends 
HTMLElement{constructor(){super(...arguments);d(this,"Component");d(this,"hydrator");d(this,"hydrate",async()=>{var b;if(!this.hydrator||!this.isConnected)return;let e=(b=this.parentElement)==null?void 0:b.closest("astro-island[ssr]");if(e){e.addEventListener("astro:hydrate",this.hydrate,{once:!0});return}let c=this.querySelectorAll("astro-slot"),n={},h=this.querySelectorAll("template[data-astro-template]");for(let r of h){let s=r.closest(this.tagName);s!=null&&s.isSameNode(this)&&(n[r.getAttribute("data-astro-template")||"default"]=r.innerHTML,r.remove())}for(let r of c){let s=r.closest(this.tagName);s!=null&&s.isSameNode(this)&&(n[r.getAttribute("name")||"default"]=r.innerHTML)}let p;try{p=this.hasAttribute("props")?m(JSON.parse(this.getAttribute("props"))):{}}catch(r){let s=this.getAttribute("component-url")||"<unknown>",v=this.getAttribute("component-export");throw v&&(s+=` (export ${v})`),console.error(`[hydrate] Error parsing props for component ${s}`,this.getAttribute("props"),r),r}let u;await this.hydrator(this)(this.Component,p,n,{client:this.getAttribute("client")}),this.removeAttribute("ssr"),this.dispatchEvent(new CustomEvent("astro:hydrate"))});d(this,"unmount",()=>{this.isConnected||this.dispatchEvent(new CustomEvent("astro:unmount"))})}disconnectedCallback(){document.removeEventListener("astro:after-swap",this.unmount),document.addEventListener("astro:after-swap",this.unmount,{once:!0})}connectedCallback(){if(!this.hasAttribute("await-children")||document.readyState==="interactive"||document.readyState==="complete")this.childrenConnectedCallback();else{let e=()=>{document.removeEventListener("DOMContentLoaded",e),c.disconnect(),this.childrenConnectedCallback()},c=new MutationObserver(()=>{var n;((n=this.lastChild)==null?void 0:n.nodeType)===Node.COMMENT_NODE&&this.lastChild.nodeValue==="astro:end"&&(this.lastChild.remove(),e())});c.observe(this,{childList:!0}),document.addEventListener("DOMContentLoaded",e)}}async childrenConnectedCallback(){let 
e=this.getAttribute("before-hydration-url");e&&await import(e),this.start()}async start(){let e=JSON.parse(this.getAttribute("opts")),c=this.getAttribute("client");if(Astro[c]===void 0){window.addEventListener(`astro:${c}`,()=>this.start(),{once:!0});return}try{await Astro[c](async()=>{let n=this.getAttribute("renderer-url"),[h,{default:p}]=await Promise.all([import(this.getAttribute("component-url")),n?import(n):()=>()=>{}]),u=this.getAttribute("component-export")||"default";if(!u.includes("."))this.Component=h[u];else{this.Component=h;for(let f of u.split("."))this.Component=this.Component[f]}return this.hydrator=p,this.hydrate},e,this)}catch(n){console.error(`[astro-island] Error hydrating ${this.getAttribute("component-url")}`,n)}}attributeChangedCallback(){this.hydrate()}}d(y,"observedAttributes",["props"]),customElements.get("astro-island")||customElements.define("astro-island",y)}})();</script><astro-island uid="1VITot" component-url="/_astro/GoogleAnalytics.DSjxwi8U.js" component-export="GoogleAnalytics" renderer-url="/_astro/client.DLO1yDVm.js" props="{&quot;title&quot;:[0,&quot;Chrome&quot;],&quot;canonical&quot;:[0,&quot;https://blog.cloudflare.com/tag/chrome&quot;],&quot;info&quot;:[0],&quot;tagInfo&quot;:[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/chrome&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;visibility&quot;:[0,&quot;public&quot;],&quot;feature_image&quot;:[0,&quot;&quot;]}],&quot;authorInfo&quot;:[0],&quot;translatedPosts&quot;:[1,[]]}" ssr client="only" opts="{&quot;name&quot;:&quot;GoogleAnalytics&quot;,&quot;value&quot;:&quot;react&quot;}"></astro-island><script>(()=>{var l=(n,t)=>{let i=async()=>{await(await n())()},e=typeof t.value=="object"?t.value:void 0,s={timeout:e==null?void 0:e.timeout};"requestIdleCallback"in 
window?window.requestIdleCallback(i,s):setTimeout(i,s.timeout||200)};(self.Astro||(self.Astro={})).idle=l;window.dispatchEvent(new Event("astro:idle"));})();</script>
<script>(()=>{var e=async t=>{await(await t())()};(self.Astro||(self.Astro={})).load=e;window.dispatchEvent(new Event("astro:load"));})();</script> <div class="flex flex-row flex-wrap mw8 center bb b--gray8 ph3"> <h1 class="site-title f7 fw4 mt4 mb3 mv4-l">Chrome</h1> </div> <main id="site-main" class="flex flex-row flex-wrap mw8 center pt0 pt3-l mt4-l"> <astro-island uid="4GBCd" prefix="r0" component-url="/_astro/PostCard.CG32ktie.js" component-export="PostCard" renderer-url="/_astro/client.DLO1yDVm.js" props="{&quot;currentPage&quot;:[0,1],&quot;isFeaturedImageFirstPost&quot;:[0,true],&quot;post&quot;:[0,{&quot;id&quot;:[0,&quot;47vZ5BZfqt5cU38XabKyUA&quot;],&quot;title&quot;:[0,&quot;Privacy Pass: upgrading to the latest protocol version&quot;],&quot;slug&quot;:[0,&quot;privacy-pass-standard&quot;],&quot;excerpt&quot;:[0,&quot;In this post, we explore the latest changes to Privacy Pass protocol. 
We are also excited to introduce a public implementation of the latest IETF draft of the Privacy Pass protocol — including a set of open-source templates that can be used to implement Privacy Pass Origins, Issuers, and Attesters&quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;&lt;p&gt;&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2LZJxp89GI8PxGwGSPRQJL/9cfe61e756369dcad6cb78f5ad89ec1f/image9.png\&quot; alt=\&quot;Privacy Pass: Upgrading to the latest protocol version\&quot; class=\&quot;kg-image\&quot; width=\&quot;1800\&quot; height=\&quot;1013\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h2 id=\&quot;enabling-anonymous-access-to-the-web-with-privacy-preserving-cryptography\&quot;&gt;Enabling anonymous access to the web with privacy-preserving cryptography&lt;/h2&gt;\n &lt;a href=\&quot;#enabling-anonymous-access-to-the-web-with-privacy-preserving-cryptography\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The challenge of telling humans and bots apart is almost as old as the web itself. 
From online ticket vendors to dating apps, to ecommerce and finance — there are many legitimate reasons why you&amp;#39;d want to know if it&amp;#39;s a person or a machine knocking on the front door of your website.&lt;/p&gt;&lt;p&gt;Unfortunately, the tools for the web have traditionally been clunky and sometimes involved a bad user experience. None more so than the CAPTCHA — an irksome solution that humanity wastes a &lt;a href=\&quot;/introducing-cryptographic-attestation-of-personhood/\&quot;&gt;staggering&lt;/a&gt; amount of time on. A more subtle but intrusive approach is IP tracking, which uses IP addresses to identify and take action on suspicious traffic, but that too can come with &lt;a href=\&quot;/consequences-of-ip-blocking/\&quot;&gt;unforeseen consequences&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;And yet, the problem of distinguishing legitimate human requests from automated bots remains as vital as ever. This is why for years Cloudflare has invested in the Privacy Pass protocol — a novel approach to establishing a user’s identity by relying on cryptography, rather than crude puzzles — all while providing a streamlined, privacy-preserving, and often frictionless experience to end users.&lt;/p&gt;&lt;p&gt;Cloudflare began &lt;a href=\&quot;/cloudflare-supports-privacy-pass/\&quot;&gt;supporting Privacy Pass&lt;/a&gt; in 2017, with the release of browser extensions for Chrome and Firefox. Web admins with their sites on Cloudflare would have Privacy Pass enabled in the Cloudflare Dash; users who installed the extension in their browsers would see fewer CAPTCHAs on websites they visited that had Privacy Pass enabled.&lt;/p&gt;&lt;p&gt;Since then, Cloudflare &lt;a href=\&quot;/end-cloudflare-captcha/\&quot;&gt;stopped issuing CAPTCHAs&lt;/a&gt;, and Privacy Pass has come a long way. 
Apple uses a version of Privacy Pass for its &lt;a href=\&quot;https://developer.apple.com/news/?id=huqjyh7k\&quot;&gt;Private Access Tokens&lt;/a&gt; system which works in tandem with a device’s secure enclave to attest to a user’s humanity. And Cloudflare uses Privacy Pass as an important signal in our Web Application Firewall and Bot Management products — which means millions of websites natively offer Privacy Pass.&lt;/p&gt;&lt;p&gt;In this post, we explore the latest changes to Privacy Pass protocol. We are also excited to introduce a public implementation of the latest IETF draft of the &lt;a href=\&quot;https://www.ietf.org/archive/id/draft-ietf-privacypass-protocol-16.html\&quot;&gt;Privacy Pass protocol&lt;/a&gt; — including a &lt;a href=\&quot;https://github.com/cloudflare?q=pp-&amp;type=all&amp;language=&amp;sort=#org-repositories\&quot;&gt;set of open-source templates&lt;/a&gt; that can be used to implement Privacy Pass &lt;a href=\&quot;https://github.com/cloudflare/pp-origin\&quot;&gt;&lt;i&gt;Origins&lt;/i&gt;&lt;/a&gt;&lt;i&gt;,&lt;/i&gt; &lt;a href=\&quot;https://github.com/cloudflare/pp-issuer\&quot;&gt;&lt;i&gt;Issuers&lt;/i&gt;&lt;/a&gt;, and &lt;a href=\&quot;https://github.com/cloudflare/pp-attester\&quot;&gt;&lt;i&gt;Attesters&lt;/i&gt;&lt;/a&gt;. These are based on Cloudflare Workers, and are the easiest way to get started with a new deployment of Privacy Pass.&lt;/p&gt;&lt;p&gt;To complement the updated implementations, we are releasing a new version of our Privacy Pass browser extensions (&lt;a href=\&quot;https://addons.mozilla.org/en-US/firefox/addon/privacy-pass/\&quot;&gt;Firefox&lt;/a&gt;, &lt;a href=\&quot;https://chromewebstore.google.com/detail/privacy-pass/ajhmfdgkijocedmfjonnpjfojldioehi\&quot;&gt;Chrome&lt;/a&gt;), which are rolling out with the name: &lt;i&gt;Silk - Privacy Pass Client&lt;/i&gt;. 
Users of these extensions can expect to see fewer bot-checks around the web, and will be contributing to research about privacy preserving signals via a set of trusted attesters, which can be configured in the extension’s settings panel.&lt;/p&gt;&lt;p&gt;Finally, we will discuss how Privacy Pass can be used for an array of scenarios beyond differentiating bot from human traffic.&lt;/p&gt;&lt;p&gt;&lt;b&gt;Notice to our users&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;If you use the Privacy Pass API that controls Privacy Pass configuration on Cloudflare, you can remove these calls. This API is no longer needed since Privacy Pass is now included by default in our Challenge Platform. Out of an abundance of caution for our customers, we are doing a &lt;a href=\&quot;https://developers.cloudflare.com/fundamentals/api/reference/deprecations/\&quot;&gt;four-month deprecation notice&lt;/a&gt;.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;If you have the Privacy Pass extension installed, it should automatically update to &lt;i&gt;Silk - Privacy Pass Client&lt;/i&gt; (&lt;a href=\&quot;https://addons.mozilla.org/en-US/firefox/addon/privacy-pass/\&quot;&gt;Firefox&lt;/a&gt;, &lt;a href=\&quot;https://chromewebstore.google.com/detail/privacy-pass/ajhmfdgkijocedmfjonnpjfojldioehi\&quot;&gt;Chrome&lt;/a&gt;) over the next few days. 
We have renamed it to keep the distinction clear between the protocol itself and a client of the protocol.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h2 id=\&quot;brief-history\&quot;&gt;Brief history&lt;/h2&gt;\n &lt;a href=\&quot;#brief-history\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;In the last decade, we&amp;#39;ve seen the &lt;a href=\&quot;/next-generation-privacy-protocols/\&quot;&gt;rise of protocols&lt;/a&gt; with privacy at their core, including &lt;a href=\&quot;/building-privacy-into-internet-standards-and-how-to-make-your-app-more-private-today/\&quot;&gt;Oblivious HTTP (OHTTP)&lt;/a&gt;, &lt;a href=\&quot;/deep-dive-privacy-preserving-measurement/\&quot;&gt;Distributed aggregation protocol (DAP)&lt;/a&gt;, and &lt;a href=\&quot;/unlocking-quic-proxying-potential/\&quot;&gt;MASQUE&lt;/a&gt;. These protocols improve privacy when browsing and interacting with services online. By protecting users&amp;#39; privacy, these protocols also ask origins and website owners to revise their expectations around the data they can glean from user traffic. 
This might lead them to reconsider existing assumptions and mitigations around suspicious traffic, such as &lt;a href=\&quot;/consequences-of-ip-blocking/\&quot;&gt;IP filtering&lt;/a&gt;, which often has unintended consequences.&lt;/p&gt;&lt;p&gt;In 2017, Cloudflare announced &lt;a href=\&quot;/cloudflare-supports-privacy-pass/\&quot;&gt;support for Privacy Pass&lt;/a&gt;. At launch, this meant improving content accessibility for web users who would see a lot of interstitial pages (such as &lt;a href=\&quot;https://www.cloudflare.com/learning/bots/how-captchas-work/\&quot;&gt;CAPTCHAs&lt;/a&gt;) when browsing websites protected by Cloudflare. Privacy Pass tokens provide a signal about the user’s capabilities to website owners while protecting their privacy by ensuring each token redemption is unlinkable to its issuance context. Since then, the technology has turned into a &lt;a href=\&quot;https://datatracker.ietf.org/wg/privacypass/documents/\&quot;&gt;fully fledged protocol&lt;/a&gt; used by millions thanks to academic and industry effort. The existing browser extension accounts for hundreds of thousands of downloads. During the same time, Cloudflare has dramatically evolved the way it allows customers to challenge their visitors, being &lt;a href=\&quot;/end-cloudflare-captcha/\&quot;&gt;more flexible about the signals&lt;/a&gt; it receives, and &lt;a href=\&quot;/turnstile-ga/\&quot;&gt;moving away from CAPTCHA&lt;/a&gt; as a binary legitimacy signal.&lt;/p&gt;&lt;p&gt;Deployments of this research have led to a broadening of use cases, opening the door to different kinds of attestation. An attestation is a cryptographically-signed data point supporting facts. 
This can include a signed token indicating that the user has successfully solved a CAPTCHA, having a user’s hardware attest it’s untampered, or a piece of data that an attester can verify against another data source.&lt;/p&gt;&lt;p&gt;For example, in 2022, Apple hardware devices began to offer Privacy Pass tokens to websites who wanted to reduce how often they show CAPTCHAs, by using the hardware itself as an attestation factor. Before showing images of buses and fire hydrants to users, CAPTCHA providers can request a &lt;a href=\&quot;https://developer.apple.com/news/?id=huqjyh7k\&quot;&gt;Private Access Token&lt;/a&gt; (PAT). This native support does not require installing extensions, or any user action to benefit from a smoother and more private web browsing experience.&lt;/p&gt;&lt;p&gt;Below is a brief overview of changes to the protocol we participated in:&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card kg-width-wide\&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3YImfph78oDPj3kgEcyvV6/37bcd89ffcfff8b636b00c8e931f3218/image8.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1808\&quot; height=\&quot;631\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;The timeline presents cryptographic changes, community inputs, and industry collaborations. These changes helped shape better standards for the web, such as VOPRF (&lt;a href=\&quot;https://www.rfc-editor.org/rfc/rfc9497\&quot;&gt;RFC 9497&lt;/a&gt;), or RSA Blind Signatures (&lt;a href=\&quot;https://www.rfc-editor.org/rfc/rfc9474\&quot;&gt;RFC 9474&lt;/a&gt;). 
In the next sections, we dive in the Privacy Pass protocol to understand its ins and outs.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h2 id=\&quot;anonymous-credentials-in-real-life\&quot;&gt;Anonymous credentials in real life&lt;/h2&gt;\n &lt;a href=\&quot;#anonymous-credentials-in-real-life\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Before explaining the protocol in more depth, let&amp;#39;s use an analogy. You are at a music festival. You bought your ticket online with a student discount. When you arrive at the gates, an agent scans your ticket, checks your student status, and gives you a yellow wristband and two drink tickets.&lt;/p&gt;&lt;p&gt;During the festival, you go in and out by showing your wristband. When a friend asks you to grab a drink, you pay with your tickets. One for your drink and one for your friend. You give your tickets to the bartender, they check the tickets, and give you a drink. The characteristics that make this interaction private is that the drinks tickets cannot be traced back to you or your payment method, but they can be verified as having been unused and valid for purchase of a drink.&lt;/p&gt;&lt;p&gt;In the web use case, the Internet is a festival. 
When you arrive at the gates of a website, an agent scans your request, and gives you a session cookie as well as two Privacy Pass tokens. They could have given you just one token, or more than two, but in our example ‘two tokens’ is the given website’s policy. You can use these tokens to attest your humanity, to authenticate on certain websites, or even to confirm the legitimacy of your hardware.&lt;/p&gt;&lt;p&gt;Now, you might wonder if this is a technique we have been using for years, why do we need fancy cryptography and standardization efforts? Well, unlike at a real-world music festival where most people don’t carry around photocopiers, on the Internet it is pretty easy to copy tokens. For instance, how do we stop people using a token twice? We could put a unique number on each token, and check it is not spent twice, but that would allow the gate attendant to tell the bartender which numbers were linked to which person. So, we need cryptography.&lt;/p&gt;&lt;p&gt;When another website presents a challenge to you, you provide your Privacy Pass token and are then allowed to view a gallery of beautiful cat pictures. The difference with the festival is this challenge might be interactive, which would be similar to the bartender giving you a numbered ticket which would have to be signed by the agent before getting a drink. The website owner can verify that the token is valid but has no way of tracing or connecting the user back to the action that provided them with the Privacy Pass tokens. With Privacy Pass terminology, you are a Client, the website is an Origin, the agent is an Attester, and the bar an Issuer. 
The next section goes through these in more detail.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h2 id=\&quot;privacy-pass-protocol\&quot;&gt;Privacy Pass protocol&lt;/h2&gt;\n &lt;a href=\&quot;#privacy-pass-protocol\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Privacy Pass specifies an extensible protocol for creating and redeeming anonymous and transferable tokens. In fact, Apple has their own implementation with Private Access Tokens (PAT), and later we will describe another implementation with the Silk browser extension. Given PAT was the first to implement the IETF defined protocol, Privacy Pass is sometimes referred to as PAT in the literature.&lt;/p&gt;&lt;p&gt;The protocol is generic, and defines four components:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Client: Web user agent with a Privacy Pass enabled browser. This could be your &lt;a href=\&quot;/eliminating-captchas-on-iphones-and-macs-using-new-standard/\&quot;&gt;Apple device with PAT&lt;/a&gt;, or your web browser with &lt;a href=\&quot;https://github.com/cloudflare/pp-browser-extension\&quot;&gt;the Silk extension installed&lt;/a&gt;. 
Typically, this is the actor who is requesting content and is asked to share some attribute of themselves.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Origin: Serves content requested by the Client. The Origin trusts one or more Issuers, and presents Privacy Pass challenges to the Client. For instance, Cloudflare Managed Challenge is a Privacy Pass origin serving two Privacy Pass challenges: one for Apple PAT Issuer, one for Cloudflare Research Issuer.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Issuer: Signs Privacy Pass tokens upon request from a trusted party, either an Attester or a Client depending on the deployment model. Different Issuers have their own set of trusted parties, depending on the security level they are looking for, as well as their privacy considerations. An Issuer validating device integrity should use different methods that vouch for this attribute to acknowledge the diversity of Client configurations.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Attester: Verifies an attribute of the Client and when satisfied requests a signed Privacy Pass token from the Issuer to pass back to the Client. Before vouching for the Client, an Attester may ask the Client to complete a specific task. This task could be a CAPTCHA, a location check, or age verification or some other check that will result in a single binary result. The Privacy Pass token will then share this one-bit of information in an unlinkable manner.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;They interact as illustrated below.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card kg-width-wide\&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7tX1xRQv6Ltif1NRj2fCOa/eeb412fa39d73e2232f4b062d95cd708/Frame-699-1-.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1492\&quot; height=\&quot;780\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;Let&amp;#39;s dive into what&amp;#39;s really happening with an example. 
The User wants to access an Origin, say store.example.com. This website has suffered attacks or abuse in the past, and the site is using Privacy Pass to help avoid these going forward. To that end, the Origin returns &lt;a href=\&quot;https://www.rfc-editor.org/rfc/rfc9110#field.www-authenticate\&quot;&gt;an authentication request&lt;/a&gt; to the Client: &lt;code&gt;WWW-Authenticate: PrivateToken challenge=&amp;quot;A==&amp;quot;,token-key=&amp;quot;B==&amp;quot;&lt;/code&gt;. In this way, the Origin signals that it accepts tokens from the Issuer with public key “B==” to satisfy the challenge. That Issuer in turn trusts reputable Attesters to vouch for the Client not being an attacker by means of the presence of a cookie, CAPTCHA, Turnstile, or &lt;a href=\&quot;/introducing-cryptographic-attestation-of-personhood/\&quot;&gt;CAP challenge&lt;/a&gt; for example. For accessibility reasons for our example, let us say that the Client likely prefers the Turnstile method. The User’s browser prompts them to solve a Turnstile challenge. On success, it contacts the Issuer “B==” with that solution, and then replays the initial request to store.example.com, this time sending along the token header &lt;code&gt;Authorization: PrivateToken token=&amp;quot;C==&amp;quot;&lt;/code&gt;, which the Origin accepts and returns your desired content to the Client. And that’s it.&lt;/p&gt;&lt;p&gt;We’ve described the Privacy Pass authentication protocol. While Basic authentication (&lt;a href=\&quot;https://www.rfc-editor.org/rfc/rfc7617\&quot;&gt;RFC 7617&lt;/a&gt;) asks you for a username and a password, the PrivateToken authentication scheme allows the browser to be more flexible on the type of check, while retaining privacy. The Origin store.example.com does not know your attestation method, they just know you are reputable according to the token issuer. In the same spirit, the Issuer &amp;quot;B==&amp;quot; does not see your IP, nor the website you are visiting. 
This separation between issuance and redemption, also referred to as unlinkability, is what &lt;a href=\&quot;https://www.ietf.org/archive/id/draft-ietf-privacypass-architecture-16.html\&quot;&gt;makes Privacy Pass private&lt;/a&gt;.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h2 id=\&quot;demo-time\&quot;&gt;Demo time&lt;/h2&gt;\n &lt;a href=\&quot;#demo-time\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;To put the above in practice, let’s see how the protocol works with Silk, a browser extension providing Privacy Pass support. First, download the relevant &lt;a href=\&quot;https://chromewebstore.google.com/detail/privacy-pass/ajhmfdgkijocedmfjonnpjfojldioehi\&quot;&gt;Chrome&lt;/a&gt; or &lt;a href=\&quot;https://addons.mozilla.org/en-US/firefox/addon/privacy-pass/\&quot;&gt;Firefox&lt;/a&gt; extension.&lt;/p&gt;&lt;p&gt;Then, head to &lt;a href=\&quot;https://demo-pat.research.cloudflare.com/login\&quot;&gt;https://demo-pat.research.cloudflare.com/login&lt;/a&gt;. The page returns a 401 Privacy Pass Token not presented. In fact, the origin expects you to perform a PrivateToken authentication. If you don’t have the extension installed, the flow stops here. 
If you have the extension installed, the extension is going to orchestrate the flow required to get you a token requested by the Origin.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card kg-width-wide\&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2ZPDrhytZNVoB81Q7RILu5/7c115c9ed069aa09694373ec1adcc4d0/image10.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1596\&quot; height=\&quot;1105\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;With the extension installed, you are directed to a new tab &lt;a href=\&quot;https://pp-attester-turnstile.research.cloudflare.com/challenge\&quot;&gt;https://pp-attester-turnstile.research.cloudflare.com/challenge&lt;/a&gt;. This is a page provided by an Attester able to deliver you a token signed by the Issuer requested by the Origin. In this case, the Attester checks you’re able to solve a Turnstile challenge.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card kg-width-wide\&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7fmDWo3548oMK8jgZ7V0Kd/94ee9ab9bc1df6fee6e6a76dc4fb3e02/image2.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1596\&quot; height=\&quot;1105\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;You click, and that’s it. The Turnstile challenge solution is sent to the Attester, which upon validation, sends back a token from the requested Issuer. 
This page appears for a very short time, as once the extension has the token, the challenge page is no longer needed.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card kg-width-wide\&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3KROIlp9njiXlfceDzRU7W/d1e306da3012c949e3fa5b80934f83a4/image11.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1596\&quot; height=\&quot;1105\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;The extension, now having a token requested by the Origin, sends your initial request for a second time, with an Authorization header containing a valid Issuer PrivateToken. Upon validation, the Origin allows you in with a 200 Privacy Pass Token valid!&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card kg-width-wide\&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3qOSkMc5wIqS50CuNNNoZY/b36b88ba01ffa1c5f4d78727e602062f/image3.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1596\&quot; height=\&quot;1105\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;If you want to check behind the scenes, you can right-click on the extension logo and go to the preference/options page. It contains a list of attesters trusted by the extension, one per line. You can add your own attestation method (API described below). 
This allows the Client to decide on their preferred attestation methods.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card kg-width-wide\&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/78BCHYQuOBC2aFlnPshu83/c6ee6b54d1d24b6f92f34577267a1146/image7.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1596\&quot; height=\&quot;1105\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h2 id=\&quot;privacy-pass-protocol-extended\&quot;&gt;Privacy Pass protocol — extended&lt;/h2&gt;\n &lt;a href=\&quot;#privacy-pass-protocol-extended\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The Privacy Pass protocol is new and not a standard yet, which implies that it’s not uniformly supported on all platforms. To improve flexibility beyond the existing standard proposal, we are introducing two mechanisms: an API for Attesters, and a replay API for web clients. The API for attesters allows developers to build new attestation methods, which only need to provide their URL to interface with the Silk browser extension. 
The replay API for web clients is a mechanism to enable websites to cooperate with the extension to make PrivateToken authentication work on browsers with Chrome user agents.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card kg-width-wide\&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2TLz1CPx9OHczqLabCRmyc/c54b0b4bb637a97812c637ca0eebc78c/image12.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1999\&quot; height=\&quot;1119\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;Because more than one Attester may be supported on your machine, your Client needs to understand which Attester to use depending on the requested Issuer. As mentioned before, you as the Client do not communicate directly with the Issuer because you don’t necessarily know their relation with the attester, so you cannot retrieve its public key. To this end, the Attester API exposes all Issuers reachable by the said Attester via an endpoint: /v1/private-token-issuer-directory. This way, your client selects an appropriate Attester - one in relation with an Issuer that the Origin trusts, before triggering a validation.&lt;/p&gt;&lt;p&gt;In addition, we propose a replay API. Its goal is to allow clients to fetch a resource a second time if the first response presented a Privacy pass challenge. Some platforms do this automatically, like Silk on Firefox, but some don’t. That’s the case with the Silk Chrome extension for instance, which in its support of &lt;a href=\&quot;https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/manifest_version\&quot;&gt;manifest v3&lt;/a&gt; cannot block requests and only supports Basic authentication in the onAuthRequired extension event. The Privacy Pass Authentication scheme proposes the request to be sent once to get a challenge, and then a second time to get the actual resource. 
Between these requests to the Origin, the platform orchestrates the issuance of a token. To keep clients informed about the state of this process, we introduce a &lt;code&gt;private-token-client-replay: UUID header&lt;/code&gt; alongside WWW-Authenticate. Using a platform defined endpoint, this UUID informs web clients of the current state of authentication: pending, fulfilled, not-found.&lt;/p&gt;&lt;p&gt;To learn more about how you can use these today, and to deploy your own attestation method, read on.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h2 id=\&quot;how-to-use-privacy-pass-today\&quot;&gt;How to use Privacy Pass today?&lt;/h2&gt;\n &lt;a href=\&quot;#how-to-use-privacy-pass-today\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;As seen in the section above, Privacy Pass is structured around four components: Origin, Client, Attester, Issuer. 
That’s why we created four repositories: &lt;a href=\&quot;https://github.com/cloudflare/pp-origin\&quot;&gt;cloudflare/pp-origin&lt;/a&gt;, &lt;a href=\&quot;https://github.com/cloudflare/pp-browser-extension\&quot;&gt;cloudflare/pp-browser-extension&lt;/a&gt;, &lt;a href=\&quot;https://github.com/cloudflare/pp-attester\&quot;&gt;cloudflare/pp-attester&lt;/a&gt;, &lt;a href=\&quot;https://github.com/cloudflare/pp-issuer\&quot;&gt;cloudflare/pp-issuer&lt;/a&gt;. In addition, the underlying cryptographic libraries are available &lt;a href=\&quot;https://github.com/cloudflare/privacypass-ts\&quot;&gt;cloudflare/privacypass-ts&lt;/a&gt;, &lt;a href=\&quot;https://github.com/cloudflare/blindrsa-ts\&quot;&gt;cloudflare/blindrsa-ts&lt;/a&gt;, and &lt;a href=\&quot;https://github.com/cloudflare/voprf-ts\&quot;&gt;cloudflare/voprf-ts&lt;/a&gt;. In this section, we dive into how to use each one of these depending on your use case.&lt;/p&gt;&lt;blockquote&gt;&lt;p&gt;Note: All examples below are designed in JavaScript and targeted at Cloudflare Workers. 
Privacy Pass is also implemented in &lt;a href=\&quot;https://github.com/ietf-wg-privacypass/base-drafts#existing-implementations\&quot;&gt;other languages&lt;/a&gt; and can be deployed with a configuration that suits your needs.&lt;/p&gt;&lt;/blockquote&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;as-an-origin-website-owners-service-providers\&quot;&gt;As an Origin - website owners, service providers&lt;/h3&gt;\n &lt;a href=\&quot;#as-an-origin-website-owners-service-providers\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;You are an online service that people critically rely upon (health or messaging for instance). You want to provide private payment options to users to maintain your users’ privacy. You only have one subscription tier at $10 per month. You have &lt;a href=\&quot;https://datatracker.ietf.org/doc/html/draft-davidson-pp-architecture-00#autoid-60\&quot;&gt;heard&lt;/a&gt; people are making privacy preserving apps, and want to use the latest version of Privacy Pass.&lt;/p&gt;&lt;p&gt;To access your service, users are required to prove they&amp;#39;ve paid for the service through a payment provider of their choosing (that you deem acceptable). 
This payment provider acknowledges the payment and requests a token for the user to access the service. As a sequence diagram, it looks as follows:&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card kg-width-wide\&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3CDt5NsDY4c2DuYbggdleT/c2084b1b7cb141a8b528de78392833b3/image4.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1615\&quot; height=\&quot;903\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;To implement it in Workers, we rely on the &lt;a href=\&quot;https://www.npmjs.com/package/@cloudflare/privacypass-ts\&quot;&gt;&lt;code&gt;@cloudflare/privacypass-ts&lt;/code&gt;&lt;/a&gt; library, which can be installed by running:&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt;npm i @cloudflare/privacypass-ts&lt;/pre&gt;&lt;/code&gt;\n &lt;p&gt;This section is going to focus on the Origin work. We assume you have an Issuer up and running, which is described in a later section.&lt;/p&gt;&lt;p&gt;The Origin defines two flows:&lt;/p&gt;&lt;ol&gt;&lt;li&gt;&lt;p&gt;User redeeming token&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;User requesting a token issuance&lt;/p&gt;&lt;/li&gt;&lt;/ol&gt;\n &lt;pre class=\&quot;language-javascript\&quot;&gt;&lt;code class=\&quot;language-javascript\&quot;&gt;import { Client } from &amp;#039;@cloudflare/privacypass-ts&amp;#039;\n\nconst issuer = &amp;#039;static issuer key&amp;#039;\n\nconst handleRedemption =&amp;gt; (req) =&amp;gt; {\n const token = TokenResponse.parse(req.headers.get(&amp;#039;authorization&amp;#039;))\n const isValid = token.verify(issuer.publicKey)\n}\n\nconst handleIssuance = () =&amp;gt; {\n return new Response(&amp;#039;Please pay to access the service&amp;#039;, {\n status: 401,\n headers: { &amp;#039;www-authenticate&amp;#039;: &amp;#039;PrivateToken challenge=, token-key=, max-age=300&amp;#039; }\n })\n}\n\nconst 
handleAuth = (req) =&amp;gt; {\n const authorization = req.headers.get(&amp;#039;authorization&amp;#039;)\n if (authorization.startsWith(`PrivateToken token=`)) {\n return handleRedemption(req)\n }\n return handleIssuance(req)\n}\n\nexport default {\n fetch(req: Request) {\n return handleAuth(req)\n }\n}&lt;/code&gt;&lt;/pre&gt;\n &lt;p&gt;From the user’s perspective, the overhead is minimal. Their client (possibly the Silk browser extension) receives a WWW-Authenticate header with the information required for a token issuance. Then, depending on their client configuration, they are taken to the payment provider of their choice to validate their access to the service.&lt;/p&gt;&lt;p&gt;With a successful response to the PrivateToken challenge a session is established, and the traditional web service flow continues. Note that the sketch above only computes &lt;code&gt;isValid&lt;/code&gt;; a deployed Origin must reject the request when token verification fails.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;as-an-attester-captcha-providers-authentication-provider\&quot;&gt;As an Attester - CAPTCHA providers, authentication provider&lt;/h3&gt;\n &lt;a href=\&quot;#as-an-attester-captcha-providers-authentication-provider\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;You are the author of a new attestation method, such as &lt;a 
href=\&quot;/introducing-cryptographic-attestation-of-personhood/\&quot;&gt;CAP,&lt;/a&gt; a new CAPTCHA mechanism, or a new way to validate cookie consent. You know that website owners already use Privacy Pass to trigger such challenges on the user side, and an Issuer is willing to trust your method because it guarantees a high security level. In addition, because of the Privacy Pass protocol you never see which website your attestation is being used for.&lt;/p&gt;&lt;p&gt;So you decide to expose your attestation method as a Privacy Pass Attester. An Issuer with public key B== trusts you, and that&amp;#39;s the Issuer you are going to request a token from. You can check that with the Yes/No Attester below, whose code is on &lt;a href=\&quot;https://cloudflareworkers.com/#eedc5a7a6560c44b23a24cc1414b29d7:https://tutorial.cloudflareworkers.com/v1/challenge\&quot;&gt;Cloudflare Workers playground&lt;/a&gt;&lt;/p&gt;\n &lt;pre class=\&quot;language-javascript\&quot;&gt;&lt;code class=\&quot;language-javascript\&quot;&gt;const ISSUER_URL = &amp;#039;https://pp-issuer-public.research.cloudflare.com/token-request&amp;#039;\n\nconst b64ToU8 = (b) =&amp;gt; Uint8Array.from(atob(b), c =&amp;gt; c.charCodeAt(0))\n\nconst handleGetChallenge = (req) =&amp;gt; {\n return new Response(`\n &amp;lt;html&amp;gt;\n &amp;lt;head&amp;gt;\n &amp;lt;title&amp;gt;Challenge Response&amp;lt;/title&amp;gt;\n &amp;lt;/head&amp;gt;\n &amp;lt;body&amp;gt;\n \t&amp;lt;button onclick=&amp;quot;sendResponse(&amp;#039;Yes&amp;#039;)&amp;quot;&amp;gt;Yes&amp;lt;/button&amp;gt;\n\t\t&amp;lt;button onclick=&amp;quot;sendResponse(&amp;#039;No&amp;#039;)&amp;quot;&amp;gt;No&amp;lt;/button&amp;gt;\n\t&amp;lt;/body&amp;gt;\n\t&amp;lt;script&amp;gt;\n\tfunction sendResponse(choice) {\n\t\tfetch(location.href, { method: &amp;#039;POST&amp;#039;, headers: { &amp;#039;private-token-attester-data&amp;#039;: choice } })\n\t}\n\t&amp;lt;/script&amp;gt;\n\t&amp;lt;/html&amp;gt;\n\t`, { status: 401, headers: { 
&amp;#039;content-type&amp;#039;: &amp;#039;text/html&amp;#039; } })\n}\n\nconst handlePostChallenge = (req) =&amp;gt; {\n const choice = req.headers.get(&amp;#039;private-token-attester-data&amp;#039;)\n if (choice !== &amp;#039;Yes&amp;#039;) {\n return new Response(&amp;#039;Unauthorised&amp;#039;, { status: 401 })\n }\n\n // hardcoded token request\n // debug here https://pepe-debug.research.cloudflare.com/?challenge=PrivateToken%20challenge=%22AAIAHnR1dG9yaWFsLmNsb3VkZmxhcmV3b3JrZXJzLmNvbSBE-oWKIYqMcyfiMXOZpcopzGBiYRvnFRP3uKknYPv1RQAicGVwZS1kZWJ1Zy5yZXNlYXJjaC5jbG91ZGZsYXJlLmNvbQ==%22,token-key=%22MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApqzusqnywE_3PZieStkf6_jwWF-nG6Es1nn5MRGoFSb3aXJFDTTIX8ljBSBZ0qujbhRDPx3ikWwziYiWtvEHSLqjeSWq-M892f9Dfkgpb3kpIfP8eBHPnhRKWo4BX_zk9IGT4H2Kd1vucIW1OmVY0Z_1tybKqYzHS299mvaQspkEcCo1UpFlMlT20JcxB2g2MRI9IZ87sgfdSu632J2OEr8XSfsppNcClU1D32iL_ETMJ8p9KlMoXI1MwTsI-8Kyblft66c7cnBKz3_z8ACdGtZ-HI4AghgW-m-yLpAiCrkCMnmIrVpldJ341yR6lq5uyPej7S8cvpvkScpXBSuyKwIDAQAB%22\n const body = b64ToU8(&amp;#039;AALoAYM+fDO53GVxBRuLbJhjFbwr0uZkl/m3NCNbiT6wal87GEuXuRw3iZUSZ3rSEqyHDhMlIqfyhAXHH8t8RP14ws3nQt1IBGE43Q9UinwglzrMY8e+k3Z9hQCEw7pBm/hVT/JNEPUKigBYSTN2IS59AUGHEB49fgZ0kA6ccu9BCdJBvIQcDyCcW5LCWCsNo57vYppIVzbV2r1R4v+zTk7IUDURTa4Mo7VYtg1krAWiFCoDxUOr+eTsc51bWqMtw2vKOyoM/20Wx2WJ0ox6JWdPvoBEsUVbENgBj11kB6/L9u2OW2APYyUR7dU9tGvExYkydXOfhRFJdKUypwKN70CiGw==&amp;#039;)\n // You can perform some check here to confirm the body is a valid token request\n\n console.log(&amp;#039;requesting token for tutorial.cloudflareworkers.com&amp;#039;)\n return fetch(ISSUER_URL, {\n method: &amp;#039;POST&amp;#039;,\n headers: { &amp;#039;content-type&amp;#039;: &amp;#039;application/private-token-request&amp;#039; },\n body: body,\n })\n}\n\nconst handleIssuerDirectory = async () =&amp;gt; {\n // These are fake issuers\n // Issuer data can be fetch at 
https://pp-issuer-public.research.cloudflare.com/.well-known/private-token-issuer-directory\n const TRUSTED_ISSUERS = {\n &amp;quot;issuer1&amp;quot;: { &amp;quot;token-keys&amp;quot;: [{ &amp;quot;token-type&amp;quot;: 2, &amp;quot;token-key&amp;quot;: &amp;quot;A==&amp;quot; }] },\n &amp;quot;issuer2&amp;quot;: { &amp;quot;token-keys&amp;quot;: [{ &amp;quot;token-type&amp;quot;: 2, &amp;quot;token-key&amp;quot;: &amp;quot;B==&amp;quot; }] },\n }\n return new Response(JSON.stringify(TRUSTED_ISSUERS), { headers: { &amp;quot;content-type&amp;quot;: &amp;quot;application/json&amp;quot; } })\n}\n\nconst handleRequest = (req) =&amp;gt; {\n const pathname = new URL(req.url).pathname\n console.log(pathname, req.url)\n if (pathname === &amp;#039;/v1/challenge&amp;#039;) {\n if (req.method === &amp;#039;POST&amp;#039;) {\n return handlePostChallenge(req)\n }\n return handleGetChallenge(req)\n }\n if (pathname === &amp;#039;/v1/private-token-issuer-directory&amp;#039;) {\n return handleIssuerDirectory()\n }\n return new Response(&amp;#039;Not found&amp;#039;, { status: 404 })\n}\n\naddEventListener(&amp;#039;fetch&amp;#039;, event =&amp;gt; {\n event.respondWith(handleRequest(event.request))\n})&lt;/pre&gt;&lt;/code&gt;\n &lt;p&gt;The validation method above is simply checking if the user selected yes. 
Your method might be more complex, but the wrapping stays the same.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5PnBuinoRKUpYjrBsHQbn/966c266e7de411503c5bf9a5dc9a184d/Screenshot-2024-01-04-at-10.30.04.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1356\&quot; height=\&quot;206\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;&lt;i&gt;Screenshot of the Yes/No Attester example&lt;/i&gt;&lt;/p&gt;&lt;p&gt;Because users might have multiple Attesters configured for a given Issuer, we recommend your Attester implements one additional endpoint exposing the keys of the issuers you are in contact with. You can try this code on &lt;a href=\&quot;https://cloudflareworkers.com/#4eeeef2fa895e519addb3ae442ee351d:https://tutorial.cloudflareworkers.com/v1/private-token-issuer-directory\&quot;&gt;Cloudflare Workers playground&lt;/a&gt;.&lt;/p&gt;\n &lt;pre class=\&quot;language-javascript\&quot;&gt;&lt;code class=\&quot;language-javascript\&quot;&gt;const handleIssuerDirectory = () =&amp;gt; {\n const TRUSTED_ISSUERS = {\n &amp;quot;issuer1&amp;quot;: { &amp;quot;token-keys&amp;quot;: [{ &amp;quot;token-type&amp;quot;: 2, &amp;quot;token-key&amp;quot;: &amp;quot;A==&amp;quot; }] },\n &amp;quot;issuer2&amp;quot;: { &amp;quot;token-keys&amp;quot;: [{ &amp;quot;token-type&amp;quot;: 2, &amp;quot;token-key&amp;quot;: &amp;quot;B==&amp;quot; }] },\n }\n return new Response(JSON.stringify(TRUSTED_ISSUERS), { headers: { &amp;quot;content-type&amp;quot;: &amp;quot;application/json&amp;quot; } })\n}\n\nexport default {\n fetch(req: Request) {\n const pathname = new URL(req.url).pathname\n if (pathname === &amp;#039;/v1/private-token-issuer-directory&amp;#039;) {\n return handleIssuerDirectory()\n }\n }\n}&lt;/code&gt;&lt;/pre&gt;\n &lt;p&gt;Et voilà. 
You have an Attester that can be used directly with the Silk browser extension (&lt;a href=\&quot;https://addons.mozilla.org/en-US/firefox/addon/privacy-pass/\&quot;&gt;Firefox&lt;/a&gt;, &lt;a href=\&quot;https://chromewebstore.google.com/detail/privacy-pass/ajhmfdgkijocedmfjonnpjfojldioehi\&quot;&gt;Chrome&lt;/a&gt;). As you progress through your deployment, it can also be directly integrated into your applications.&lt;/p&gt;&lt;p&gt;If you would like to have a more advanced Attester and deployment pipeline, look at &lt;a href=\&quot;https://github.com/cloudflare/pp-attester\&quot;&gt;cloudflare/pp-attester&lt;/a&gt; template.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;as-an-issuer-foundation-consortium\&quot;&gt;As an Issuer - foundation, consortium&lt;/h3&gt;\n &lt;a href=\&quot;#as-an-issuer-foundation-consortium\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;We&amp;#39;ve mentioned the Issuer multiple times already. The role of an Issuer is to select a set of Attesters it wants to operate with, and communicate its public key to Origins. 
The whole cryptographic behavior of an Issuer is specified &lt;a href=\&quot;https://www.ietf.org/archive/id/draft-ietf-privacypass-protocol-16.html\&quot;&gt;by the IETF&lt;/a&gt; draft. In contrast to the Client and Attesters which have discretionary behavior, the Issuer is fully standardized. Their opportunity is to choose a signal that is strong enough for the Origin, while preserving privacy of Clients.&lt;/p&gt;&lt;p&gt;Cloudflare Research is operating a public Issuer for experimental purposes to use on &lt;a href=\&quot;https://pp-issuer-public.research.cloudflare.com\&quot;&gt;https://pp-issuer-public.research.cloudflare.com&lt;/a&gt;. It is the simplest solution to start experimenting with Privacy Pass today. Once it matures, you can consider joining a production Issuer, or deploying your own.&lt;/p&gt;&lt;p&gt;To deploy your own, you should:&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt;git clone github.com/cloudflare/pp-issuer&lt;/pre&gt;&lt;/code&gt;\n &lt;p&gt;Update wrangler.toml with your Cloudflare Workers account id and zone id. The open source Issuer API works as follows:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;/.well-known/private-token-issuer-directory returns the issuer configuration. Note it does not expose non-standard token-key-legacy&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;/token-request returns a token. This endpoint should be gated (by Cloudflare Access for instance) to only allow trusted attesters to call it&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;/admin/rotate to generate a new public key. 
This should only be accessible by your team, and be called prior to the issuer being available.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Then, &lt;code&gt;wrangler publish&lt;/code&gt;, and you&amp;#39;re good to onboard Attesters.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h2 id=\&quot;development-of-silk-extension\&quot;&gt;Development of Silk extension&lt;/h2&gt;\n &lt;a href=\&quot;#development-of-silk-extension\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Just like the protocol, the browser technology on which Privacy Pass was proven viable has changed as well. For 5 years, the protocol got deployed along with a browser extension for Chrome and Firefox. In 2021, Chrome released a new version of extension configurations, usually referred to as &lt;a href=\&quot;https://developer.chrome.com/docs/extensions/mv3/intro/platform-vision/\&quot;&gt;Manifest version 3&lt;/a&gt; (MV3). Chrome also started enforcing this new configuration for all newly released extensions.&lt;/p&gt;&lt;p&gt;Privacy Pass &lt;i&gt;the extension&lt;/i&gt; is based on an agreed upon Privacy Pass &lt;a href=\&quot;https://datatracker.ietf.org/doc/draft-ietf-privacypass-auth-scheme/\&quot;&gt;&lt;i&gt;authentication protocol&lt;/i&gt;&lt;/a&gt;. 
Briefly looking at &lt;a href=\&quot;https://developer.chrome.com/docs/extensions/reference/webRequest/\&quot;&gt;Chrome’s API documentation&lt;/a&gt;, we should be able to use the onAuthRequired event. However, with PrivateToken authentication not yet being standard, there are no hooks provided by browsers for extensions to add logic to this event.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card kg-width-wide\&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1iQsRopHuLfmHqjsppwImc/1a379a0cdd3de3e17de04811b1c08ac0/Screenshot-2024-01-04-at-10.32.44.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;2000\&quot; height=\&quot;932\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;&lt;i&gt;Image available under CC-BY-SA 4.0 provided by&lt;/i&gt; &lt;a href=\&quot;https://developer.chrome.com/docs/extensions/reference/webRequest/\&quot;&gt;&lt;i&gt;Google For Developers&lt;/i&gt;&lt;/a&gt;&lt;/p&gt;&lt;p&gt;The approach we decided to use is to define a client side replay API. When a response comes with 401 WWW-Authenticate PrivateToken, the browser lets it through, but triggers the private token redemption flow. The original page is notified when a token has been retrieved, and replays the request. For this second request, the browser is able to attach an authorization token, and the request succeeds. This is an active replay performed by the client, rather than a transparent replay done by the platform. A specification is available on &lt;a href=\&quot;https://github.com/cloudflare/pp-browser-extension#chrome-support-via-client-replay-api\&quot;&gt;GitHub&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;We are looking forward to the standard progressing, and simplifying this part of the project. This should improve diversity in attestation methods. 
As we see in the next section, this is key to identifying new signals that can be leveraged by origins.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h2 id=\&quot;a-standard-for-anonymous-credentials\&quot;&gt;A standard for anonymous credentials&lt;/h2&gt;\n &lt;a href=\&quot;#a-standard-for-anonymous-credentials\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;IP remains as a key identifier in the anti abuse system. At the same time, IP fingerprinting techniques have become a bigger concern and platforms have started to remove some of these ways of tracking users. To enable anti abuse systems to not rely on IP, while ensuring user privacy, Privacy Pass offers a reasonable alternative to deal with potentially abusive or suspicious traffic. The attestation methods vary and can be chosen as needed for a particular deployment. For example, Apple decided to back their attestation with hardware when using Privacy Pass as the authorization technology for iCloud Private Relay. 
Another example is Cloudflare Research which decided to deploy a Turnstile attester to signal a successful solve for Cloudflare’s challenge platform.&lt;/p&gt;&lt;p&gt;In all these deployments, Privacy Pass-like technology has allowed for specific bits of information to be shared. Instead of sharing your location, past traffic, and possibly your name and phone number simply by connecting to a website, your device is able to prove specific information to a third party in a privacy preserving manner. Which user information and attestation methods are sufficient to prevent abuse is an open question. We are looking to empower researchers with the release of this software to help in the quest for finding these answers. This could be via new experiments such as testing out new attestation methods, or fostering other privacy protocols by providing a framework for specific information sharing.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h2 id=\&quot;future-recommendations\&quot;&gt;Future recommendations&lt;/h2&gt;\n &lt;a href=\&quot;#future-recommendations\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Just as we expect this latest version of Privacy Pass to lead to new applications and ideas we also expect further evolution of the standard 
and the clients that use it. Future development of Privacy Pass promises to cover topics like batch token issuance and rate limiting. From our work building and deploying this version of Privacy Pass we have encountered limitations that we expect to be resolved in the future as well.&lt;/p&gt;&lt;p&gt;The division of labor between Attesters and Issuers and the clear directions of trust relationships between the Origin and Issuer, and the Issuer and Attester make reasoning about the implications of a breach of trust clear. Issuers can trust more than one Attester, but since many current deployments of Privacy Pass do not identify the Attester that led to issuance, a breach of trust in one Attester would render all tokens issued by any Issuer that trusts the Attester untrusted. This is because it would not be possible to tell which Attester was involved in the issuance process. Time will tell if this promotes a 1:1 correspondence between Attesters and Issuers.&lt;/p&gt;&lt;p&gt;The process of developing a browser extension supported by both Firefox and Chrome-based browsers can at times require quite baroque (and brittle) code paths. Privacy Pass the protocol seems a good fit for an extension of the &lt;a href=\&quot;https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onAuthRequired\&quot;&gt;webRequest.onAuthRequired&lt;/a&gt; browser event. Just as Privacy Pass appears as an alternate authentication message in the WWW-Authenticate HTTP header, browsers could fire the onAuthRequired event for Private Token authentication too and allow request blocking within the onAuthRequired event. 
This seems a natural evolution of the use of this event which currently is limited to the now rather long-in-the-tooth Basic authentication.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h2 id=\&quot;conclusion\&quot;&gt;Conclusion&lt;/h2&gt;\n &lt;a href=\&quot;#conclusion\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Privacy Pass provides a solution to one of the longstanding challenges of the web: anonymous authentication. By leveraging cryptography, the protocol allows websites to get the information they need from users, and solely this information. It&amp;#39;s already used by millions to help distinguish human requests from automated bots in a manner that is privacy protective and often seamless. We are excited by the protocol’s broad and growing adoption, and by the novel use cases that are unlocked by this latest version.&lt;/p&gt;&lt;p&gt;Cloudflare’s Privacy Pass implementations are available on GitHub, and are compliant with the standard. 
We have open-sourced a &lt;a href=\&quot;https://github.com/cloudflare?q=pp-&amp;type=all&amp;language=&amp;sort=#org-repositories\&quot;&gt;set of templates&lt;/a&gt; that can be used to implement Privacy Pass &lt;a href=\&quot;https://github.com/cloudflare/pp-origin\&quot;&gt;&lt;i&gt;Origins&lt;/i&gt;&lt;/a&gt;&lt;i&gt;,&lt;/i&gt; &lt;a href=\&quot;https://github.com/cloudflare/pp-issuer\&quot;&gt;&lt;i&gt;Issuers&lt;/i&gt;&lt;/a&gt;, and &lt;a href=\&quot;https://github.com/cloudflare/pp-attester\&quot;&gt;&lt;i&gt;Attesters&lt;/i&gt;&lt;/a&gt;, which leverage Cloudflare Workers to get up and running quickly.&lt;/p&gt;&lt;p&gt;For those looking to try Privacy Pass out for themselves right away, download the &lt;i&gt;Silk - Privacy Pass Client&lt;/i&gt; browser extensions (&lt;a href=\&quot;https://addons.mozilla.org/en-US/firefox/addon/privacy-pass/\&quot;&gt;Firefox&lt;/a&gt;, &lt;a href=\&quot;https://chromewebstore.google.com/detail/privacy-pass/ajhmfdgkijocedmfjonnpjfojldioehi\&quot;&gt;Chrome&lt;/a&gt;, &lt;a href=\&quot;https://github.com/cloudflare/pp-browser-extension\&quot;&gt;GitHub&lt;/a&gt;) and start browsing a web with fewer bot checks today.&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2024-01-04T16:07:22.000+00:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-09T23:26:44.495Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4wJwHdYhUiKvoSlAgSrFhG/cce2fbba90dbd93ef3cbc3e710e6f53b/privacy-pass-standard.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;1x7tpPmKIUCt19EDgM1Tsl&quot;],&quot;name&quot;:[0,&quot;Research&quot;],&quot;slug&quot;:[0,&quot;research&quot;]}],[0,{&quot;id&quot;:[0,&quot;3ZtL0yV0R4ScAreV1dTfIY&quot;],&quot;name&quot;:[0,&quot;Privacy 
Pass&quot;],&quot;slug&quot;:[0,&quot;privacy-pass&quot;]}],[0,{&quot;id&quot;:[0,&quot;kn8Lmy4luvCeAabblVvHH&quot;],&quot;name&quot;:[0,&quot;Firefox&quot;],&quot;slug&quot;:[0,&quot;firefox&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;3BWeMuiOShelE7QM48sW9j&quot;],&quot;name&quot;:[0,&quot;Privacy&quot;],&quot;slug&quot;:[0,&quot;privacy&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Thibault Meunier&quot;],&quot;slug&quot;:[0,&quot;thibault&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1CqrdcRymVgEs1zRfSE6Xr/b8182164b0a8435b162bdd1246b7e91f/thibault.png&quot;],&quot;location&quot;:[0,null],&quot;website&quot;:[0,null],&quot;twitter&quot;:[0,&quot;@thibmeu&quot;],&quot;facebook&quot;:[0,null]}],[0,{&quot;name&quot;:[0,&quot;Cefan Daniel Rubin&quot;],&quot;slug&quot;:[0,&quot;cdrubin&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5EziMHboXmLjqS6FXaUODB/8f0daa841b1c260fae1be2a9d863457f/cdrubin.png&quot;],&quot;location&quot;:[0,null],&quot;website&quot;:[0,&quot;https://github.com/cdrubin&quot;],&quot;twitter&quot;:[0,null],&quot;facebook&quot;:[0,null]}],[0,{&quot;name&quot;:[0,&quot;Armando Faz-Hernández&quot;],&quot;slug&quot;:[0,&quot;armfazh&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1KZECWa5TCEPjjcRmbx9iT/c62263899934ff326df2b6864e42b104/armfazh.png&quot;],&quot;location&quot;:[0,null],&quot;website&quot;:[0,&quot;https://research.cloudflare.com/people/armando-faz/&quot;],&quot;twitter&quot;:[0,&quot;@armfazh&quot;],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,&quot;In this post, we explore the latest changes to Privacy Pass protocol. 
We are also excited to introduce a public implementation of the latest IETF draft of the Privacy Pass protocol — including a set of open-source templates that can be used to implement Privacy Pass Origins, Issuers, and Attesters.&quot;],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;Privacy Pass: upgrading to the latest protocol version Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;Translated for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;Translated for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for 
Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/privacy-pass-standard&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0,&quot;Privacy Pass: upgrading to the latest protocol version&quot;],&quot;description&quot;:[0,&quot;In this post, we explore the latest changes to Privacy Pass protocol. We are also excited to introduce a public implementation of the latest IETF draft of the Privacy Pass protocol — including a set of open-source templates that can be used to implement Privacy Pass Origins, Issuers, and Attesters.&quot;],&quot;imgPreview&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/22RHi3sA2tR4yPZCvPKYLe/87cdf4737a0d11148e569ff370819e38/privacy-pass-standard-fxK0y1.png&quot;]}]}],&quot;translations&quot;:[0,{&quot;posts.by&quot;:[0,&quot;By&quot;],&quot;footer.gdpr&quot;:[0,&quot;GDPR&quot;],&quot;lang_blurb1&quot;:[0,&quot;This post is also available in {lang1}.&quot;],&quot;lang_blurb2&quot;:[0,&quot;This post is also available in {lang1} and {lang2}.&quot;],&quot;lang_blurb3&quot;:[0,&quot;This post is also available in {lang1}, {lang2} and {lang3}.&quot;],&quot;footer.press&quot;:[0,&quot;Press&quot;],&quot;header.title&quot;:[0,&quot;The Cloudflare Blog&quot;],&quot;search.clear&quot;:[0,&quot;Clear&quot;],&quot;search.filter&quot;:[0,&quot;Filter&quot;],&quot;search.source&quot;:[0,&quot;Source&quot;],&quot;footer.careers&quot;:[0,&quot;Careers&quot;],&quot;footer.company&quot;:[0,&quot;Company&quot;],&quot;footer.support&quot;:[0,&quot;Support&quot;],&quot;footer.the_net&quot;:[0,&quot;theNet&quot;],&quot;search.filters&quot;:[0,&quot;Filters&quot;],&quot;footer.our_team&quot;:[0,&quot;Our team&quot;],&quot;footer.webinars&quot;:[0,&quot;Webinars&quot;],&quot;page.more_posts&quot;:[0,&quot;More posts&quot;],&quot;posts.time_read&quot;:[0,&quot;{time} min 
read&quot;],&quot;search.language&quot;:[0,&quot;Language&quot;],&quot;footer.community&quot;:[0,&quot;Community&quot;],&quot;footer.resources&quot;:[0,&quot;Resources&quot;],&quot;footer.solutions&quot;:[0,&quot;Solutions&quot;],&quot;footer.trademark&quot;:[0,&quot;Trademark&quot;],&quot;header.subscribe&quot;:[0,&quot;Subscribe&quot;],&quot;footer.compliance&quot;:[0,&quot;Compliance&quot;],&quot;footer.free_plans&quot;:[0,&quot;Free plans&quot;],&quot;footer.impact_ESG&quot;:[0,&quot;Impact/ESG&quot;],&quot;posts.follow_on_X&quot;:[0,&quot;Follow on X&quot;],&quot;footer.help_center&quot;:[0,&quot;Help center&quot;],&quot;footer.network_map&quot;:[0,&quot;Network Map&quot;],&quot;header.please_wait&quot;:[0,&quot;Please Wait&quot;],&quot;page.related_posts&quot;:[0,&quot;Related posts&quot;],&quot;search.result_stat&quot;:[0,&quot;Results &lt;strong&gt;{search_range}&lt;/strong&gt; of &lt;strong&gt;{search_total}&lt;/strong&gt; for &lt;strong&gt;{search_keyword}&lt;/strong&gt;&quot;],&quot;footer.case_studies&quot;:[0,&quot;Case Studies&quot;],&quot;footer.connect_2024&quot;:[0,&quot;Connect 2024&quot;],&quot;footer.terms_of_use&quot;:[0,&quot;Terms of Use&quot;],&quot;footer.white_papers&quot;:[0,&quot;White Papers&quot;],&quot;footer.cloudflare_tv&quot;:[0,&quot;Cloudflare TV&quot;],&quot;footer.community_hub&quot;:[0,&quot;Community Hub&quot;],&quot;footer.compare_plans&quot;:[0,&quot;Compare plans&quot;],&quot;footer.contact_sales&quot;:[0,&quot;Contact Sales&quot;],&quot;header.contact_sales&quot;:[0,&quot;Contact Sales&quot;],&quot;header.email_address&quot;:[0,&quot;Email Address&quot;],&quot;page.error.not_found&quot;:[0,&quot;Page not found&quot;],&quot;footer.developer_docs&quot;:[0,&quot;Developer docs&quot;],&quot;footer.privacy_policy&quot;:[0,&quot;Privacy Policy&quot;],&quot;footer.request_a_demo&quot;:[0,&quot;Request a demo&quot;],&quot;page.continue_reading&quot;:[0,&quot;Continue 
reading&quot;],&quot;footer.analysts_report&quot;:[0,&quot;Analyst reports&quot;],&quot;footer.for_enterprises&quot;:[0,&quot;For enterprises&quot;],&quot;footer.getting_started&quot;:[0,&quot;Getting Started&quot;],&quot;footer.learning_center&quot;:[0,&quot;Learning Center&quot;],&quot;footer.project_galileo&quot;:[0,&quot;Project Galileo&quot;],&quot;pagination.newer_posts&quot;:[0,&quot;Newer Posts&quot;],&quot;pagination.older_posts&quot;:[0,&quot;Older Posts&quot;],&quot;posts.social_buttons.x&quot;:[0,&quot;Discuss on X&quot;],&quot;search.icon_aria_label&quot;:[0,&quot;Search&quot;],&quot;search.source_location&quot;:[0,&quot;Source/Location&quot;],&quot;footer.about_cloudflare&quot;:[0,&quot;About Cloudflare&quot;],&quot;footer.athenian_project&quot;:[0,&quot;Athenian Project&quot;],&quot;footer.become_a_partner&quot;:[0,&quot;Become a partner&quot;],&quot;footer.cloudflare_radar&quot;:[0,&quot;Cloudflare Radar&quot;],&quot;footer.network_services&quot;:[0,&quot;Network services&quot;],&quot;footer.trust_and_safety&quot;:[0,&quot;Trust &amp; Safety&quot;],&quot;header.get_started_free&quot;:[0,&quot;Get Started Free&quot;],&quot;page.search.placeholder&quot;:[0,&quot;Search Cloudflare&quot;],&quot;footer.cloudflare_status&quot;:[0,&quot;Cloudflare Status&quot;],&quot;footer.cookie_preference&quot;:[0,&quot;Cookie Preferences&quot;],&quot;header.valid_email_error&quot;:[0,&quot;Must be valid email.&quot;],&quot;search.result_stat_empty&quot;:[0,&quot;Results &lt;strong&gt;{search_range}&lt;/strong&gt; of &lt;strong&gt;{search_total}&lt;/strong&gt;&quot;],&quot;footer.connectivity_cloud&quot;:[0,&quot;Connectivity cloud&quot;],&quot;footer.developer_services&quot;:[0,&quot;Developer services&quot;],&quot;footer.investor_relations&quot;:[0,&quot;Investor relations&quot;],&quot;page.not_found.error_code&quot;:[0,&quot;Error Code: 404&quot;],&quot;search.autocomplete_title&quot;:[0,&quot;Insert a query. 
Press enter to send&quot;],&quot;footer.logos_and_press_kit&quot;:[0,&quot;Logos &amp; press kit&quot;],&quot;footer.application_services&quot;:[0,&quot;Application services&quot;],&quot;footer.get_a_recommendation&quot;:[0,&quot;Get a recommendation&quot;],&quot;posts.social_buttons.reddit&quot;:[0,&quot;Discuss on Reddit&quot;],&quot;footer.sse_and_sase_services&quot;:[0,&quot;SSE and SASE services&quot;],&quot;page.not_found.outdated_link&quot;:[0,&quot;You may have used an outdated link, or you may have typed the address incorrectly.&quot;],&quot;footer.report_security_issues&quot;:[0,&quot;Report Security Issues&quot;],&quot;page.error.error_message_page&quot;:[0,&quot;Sorry, we can&#39;t find the page you are looking for.&quot;],&quot;header.subscribe_notifications&quot;:[0,&quot;Subscribe to receive notifications of new posts:&quot;],&quot;footer.cloudflare_for_campaigns&quot;:[0,&quot;Cloudflare for Campaigns&quot;],&quot;header.subscription_confimation&quot;:[0,&quot;Subscription confirmed. Thank you for subscribing!&quot;],&quot;posts.social_buttons.hackernews&quot;:[0,&quot;Discuss on Hacker News&quot;],&quot;footer.diversity_equity_inclusion&quot;:[0,&quot;Diversity, equity &amp; inclusion&quot;],&quot;footer.critical_infrastructure_defense_project&quot;:[0,&quot;Critical Infrastructure Defense Project&quot;]}]}" ssr client="load" opts="{&quot;name&quot;:&quot;PostCard&quot;,&quot;value&quot;:true}" await-children><article class="w-100 featured-post flex flex-row flex-wrap mb4 items-center bb b--gray8 bn-l mt4 mt2-l mb4 ph3 bb b--gray8 bn-l"><div class="w-50-l"><a href="/privacy-pass-standard/" class="fw5 no-underline gray1" data-testid="post-title"><h2 class="fw5 mt2">Privacy Pass: upgrading to the latest protocol version</h2></a><p class="f3 fw5 gray5 my" data-testid="post-date">2024-01-04</p><p class="f4 fw3 lh-copy " data-testid="post-content">In this post, we explore the latest changes to Privacy Pass protocol. 
We are also excited to introduce a public implementation of the latest IETF draft of the Privacy Pass protocol — including a set of open-source templates that can be used to implement Privacy Pass Origins, Issuers, and Attesters<!-- -->...</p><a href="/privacy-pass-standard/" class="no-underline gray1 f4 lh-copy fw3 underline-hover" data-testid="post-continue-reading">Continue reading »</a><ul class="author-lists flex pl0"><li class="list flex items-center pr2 mb3"><a href="/author/thibault/" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1CqrdcRymVgEs1zRfSE6Xr/b8182164b0a8435b162bdd1246b7e91f/thibault.png" alt="Thibault Meunier" width="62" height="62"/></a><div class="author-name-tooltip"><a href="/author/thibault/" class="fw5 f4 no-underline black">Thibault Meunier</a></div></li><li class="list flex items-center pr2 mb3"><a href="/author/cdrubin/" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5EziMHboXmLjqS6FXaUODB/8f0daa841b1c260fae1be2a9d863457f/cdrubin.png" alt="Cefan Daniel Rubin" width="62" height="62"/></a><div class="author-name-tooltip"><a href="/author/cdrubin/" class="fw5 f4 no-underline black">Cefan Daniel Rubin</a></div></li><li class="list flex items-center pr2 mb3"><a href="/author/armfazh/" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1KZECWa5TCEPjjcRmbx9iT/c62263899934ff326df2b6864e42b104/armfazh.png" alt="Armando Faz-Hernández" width="62" height="62"/></a><div 
class="author-name-tooltip"><a href="/author/armfazh/" class="fw5 f4 no-underline black">Armando Faz-Hernández</a></div></li></ul></div><div class="w-50-l"><img class="dn di-l " src="https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4wJwHdYhUiKvoSlAgSrFhG/cce2fbba90dbd93ef3cbc3e710e6f53b/privacy-pass-standard.png" alt="Privacy Pass: upgrading to the latest protocol version"/></div></article><!--astro:end--></astro-island><astro-island uid="15eN2u" prefix="r1" component-url="/_astro/PostCard.CG32ktie.js" component-export="PostCard" renderer-url="/_astro/client.DLO1yDVm.js" props="{&quot;currentPage&quot;:[0,1],&quot;isFeaturedImageFirstPost&quot;:[0,false],&quot;post&quot;:[0,{&quot;id&quot;:[0,&quot;5nwTZ5NB8OAO51Ut53JB1B&quot;],&quot;title&quot;:[0,&quot;Uncovering the Hidden WebP vulnerability: a tale of a CVE with much bigger implications than it originally seemed&quot;],&quot;slug&quot;:[0,&quot;uncovering-the-hidden-webp-vulnerability-cve-2023-4863&quot;],&quot;excerpt&quot;:[0,&quot;Recently, Google announced a security issue in Google Chrome, titled \&quot;Heap buffer overflow in WebP in Google Chrome.\&quot; Initially, it seemed like just another bug in the popular web browser. However, what we discovered was far more significant and had implications that extended well beyond Chrome&quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/esbsHOdyFYuCrR7B3okvZ/de4ed692598bf9f47f405d05e311f091/Uncovering-the-hidden-WebP-vulnerability.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1600\&quot; height=\&quot;900\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;At Cloudflare, we&amp;#39;re constantly vigilant when it comes to identifying vulnerabilities that could potentially affect the Internet ecosystem. 
Recently, on September 12, 2023, Google announced a security issue in Google Chrome, titled &amp;quot;Heap buffer overflow in WebP in Google Chrome,&amp;quot; which caught our attention. Initially, it seemed like just another bug in the popular web browser. However, what we discovered was far more significant and had implications that extended well beyond Chrome.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;impact-much-wider-than-suggested\&quot;&gt;Impact much wider than suggested&lt;/h3&gt;\n &lt;a href=\&quot;#impact-much-wider-than-suggested\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The vulnerability, tracked under &lt;a href=\&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-4863\&quot;&gt;CVE-2023-4863&lt;/a&gt;, was described as a heap buffer overflow in WebP within Google Chrome. While this description might lead one to believe that it&amp;#39;s a problem confined solely to Chrome, the reality was quite different. 
It turned out to be a bug deeply rooted in the libwebp library, which is not only used by Chrome but by virtually every application that handles WebP images.&lt;/p&gt;&lt;p&gt;Digging deeper, this vulnerability was in fact first reported in an earlier CVE from Apple, CVE-2023-41064, although the connection was not immediately obvious. In early September, Citizen Lab, a research lab based out of the University of Toronto, reported on an apparent exploit that was being used to attempt to install spyware on the iPhone of &amp;quot;an individual employed by a Washington DC-based civil society organization.&amp;quot; The advisory from Apple was also incomplete, stating that it was a “buffer overflow issue in ImageIO,” and that they were aware the issue may have been actively exploited. Only after Google released CVE-2023-4863 did it become clear that these two issues were linked, and there was a wider vulnerability in WebP.&lt;/p&gt;&lt;p&gt;The vulnerability allows an attacker to create a malformed WebP image file that makes libwebp write data beyond the buffer memory allocated to the image decoder. By writing past the legal bounds of the buffer, it is possible to modify sensitive data in memory, eventually leading to execution of the attacker&amp;#39;s code.&lt;/p&gt;&lt;p&gt;WebP, introduced over a decade ago, has gained widespread adoption in various applications, ranging from web browsers to email clients, chat apps, graphics programs, and even operating systems. 
This ubiquity meant that this vulnerability had far-reaching consequences, affecting a vast array of software and virtually all users of the WebP format.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1VR5ms2oG6429Y6D8F3Hic/80023d781031236142015576080767c1/image2-3.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1999\&quot; height=\&quot;807\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;&lt;i&gt;How the WebP vulnerability is exploited&lt;/i&gt;&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;understanding-the-technical-details\&quot;&gt;Understanding the technical details&lt;/h3&gt;\n &lt;a href=\&quot;#understanding-the-technical-details\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;So what exactly was the issue, how could it be exploited, and how was it shut down? We can get our best clues by looking at &lt;a href=\&quot;https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a%5E%21/#F0\&quot;&gt;the patch that was made to libwebp&lt;/a&gt;. 
This patch fixes a potential out-of-bounds (OOB) write in part of the image decoder – the Huffman tables – with two changes: additional validation of the input data, and a modified dynamic memory allocation model. A deeper dive into libwebp and the WebP image format built on top of it reveals what this means.&lt;/p&gt;&lt;p&gt;WebP is a combination of two different image formats: a lossy format similar to JPEG using the VP8 codec, and a lossless format using WebP&amp;#39;s custom lossless codec. The bug was in the lossless codec&amp;#39;s handling of Huffman coding.&lt;/p&gt;&lt;p&gt;The fundamental idea behind Huffman coding is that using a constant number of bits for every basic unit of information in a dataset – like a pixel color – is not the most efficient representation. We can use a variable number of bits, and assign the shortest sequences to the most frequently occurring values, and longer ones to the least common values. The sequences of ones and zeros can be represented as a binary tree, with the shorter, more common codes near the root, and longer, less common codes deeper in the tree. Looking up values in the tree bit by bit is relatively slow. Practical implementations build lookup tables that allow matching many bits at a time.&lt;/p&gt;&lt;p&gt;Image files contain compact information about the shape of the Huffman tree, which the decoder uses to reconstruct the tree, and build lookup tables for the codes. The bug in libwebp was in the code building the lookup tables. A specially crafted WebP file can contain a very unbalanced Huffman tree that contains codes much longer than any normal WebP file would have, and this made the function generating lookup tables write data beyond the buffer allocated for the lookup tables. Libwebp had checks for validity of the Huffman tree, but it would write the invalid lookup tables before the consistency check.&lt;/p&gt;&lt;p&gt;The buffer for lookup tables is allocated on the heap. 
Heap is an area of memory where most of the data of the application is stored. Code that writes data past its buffer allows attackers to modify and corrupt data that happens to be adjacent in memory to the buffer. This can be exploited to make the application misbehave, and eventually start executing code supplied by the attacker.&lt;/p&gt;&lt;p&gt;The fixed version of libwebp ensures that the input data will always create a valid internal structure, and if so, allocates more memory if necessary to ensure the buffer is always big enough.&lt;/p&gt;&lt;p&gt;Libwebp is a mature library, maintained by seasoned professionals. But it&amp;#39;s written in the C language, which has very few safeguards against programming errors, especially memory use. Despite the care taken in the library&amp;#39;s development, a single erroneous assumption led to a critical vulnerability.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;swift-action\&quot;&gt;Swift action&lt;/h3&gt;\n &lt;a href=\&quot;#swift-action\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;On the same day that Google&amp;#39;s announcement caught our attention, we filed an internal security ticket, to document and address the vulnerability.&lt;/p&gt;&lt;p&gt;Google was 
initially perplexed about the true source of the problem. They did not release a patched version of libwebp before announcing the vulnerability. We discovered the yet-unreleased patch for libwebp in its repository, and used it to update libwebp in our services. libwebp officially released the patch a day later.&lt;/p&gt;&lt;p&gt;Our image processing services are written in Rust. We&amp;#39;ve submitted patches to Rust packages that contained a copy of libwebp and filed RustSec advisories for them (&lt;a href=\&quot;https://rustsec.org/advisories/RUSTSEC-2023-0061.html\&quot;&gt;RUSTSEC-2023-0061&lt;/a&gt; and &lt;a href=\&quot;https://rustsec.org/advisories/RUSTSEC-2023-0062.html\&quot;&gt;RUSTSEC-2023-0062&lt;/a&gt;). This ensured that the broader Rust ecosystem was informed and could take appropriate action.&lt;/p&gt;&lt;p&gt;In an interesting turn of events, GitHub&amp;#39;s vulnerability scanner was quick to recognize our RustSec reports as the first case of CVE-2023-4863, even before the issue gained widespread attention. This highlights the importance of having robust security reporting mechanisms in place and the vital role that platforms like GitHub play in keeping the open-source community secure.&lt;/p&gt;&lt;p&gt;These quick actions demonstrate how seriously Cloudflare takes this kind of threat. We have a belt-and-suspenders approach to security that limits the binaries we run at our edge to those signed by us, and ensures that all vulnerabilities are identified and remedied as soon as possible. In this case, we have scrutinized our logs, and found no evidence that any attackers attempted to leverage this vulnerability against Cloudflare. 
We believe this exploit targeted individuals rather than the infrastructure of a company like Cloudflare, but we never take chances with our customers’ data, and so fixed this vulnerability as quickly as possible, before it became well known.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;conclusion\&quot;&gt;Conclusion&lt;/h3&gt;\n &lt;a href=\&quot;#conclusion\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Google has now widened its description of this issue, correctly calling out that all uses of WebP are potentially affected. This widened description was originally filed as yet another new CVE – &lt;a href=\&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-5129\&quot;&gt;CVE-2023-5129&lt;/a&gt; – but then that was flagged as a duplicate of the original CVE-2023-4863, and the description of the earlier filing updated. This incident serves as a reminder of the complex and interconnected nature of the Internet ecosystem. What initially seemed like a Chrome-specific problem revealed a much deeper issue that touched nearly every corner of the digital world. 
The incident also showcased the importance of swift collaboration and the critical role that responsible disclosure plays in mitigating security risks.&lt;/p&gt;&lt;p&gt;For each and every user, it demonstrates the need to keep all browsers, apps and operating systems up to date, and to install recommended security patches. All applications supporting WebP images need to be updated. We&amp;#39;ve updated our services.&lt;/p&gt;&lt;p&gt;At Cloudflare, we remain committed to enhancing the security of the Internet, and incidents like these drive us to continually refine our processes and strengthen our partnerships within the global developer community. By working together, we can make the Internet a safer place for everyone.&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2023-10-05T16:00:43.000+01:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:22:28.712Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3bKYsg241wrXX9WsVIbxKT/96ced52ffddaf1aa87a0991483eeb2c9/uncovering-the-hidden-webp-vulnerability-cve-2023-4863.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;2pFyOCtANFB5qS6nbtQbVp&quot;],&quot;name&quot;:[0,&quot;Vulnerabilities&quot;],&quot;slug&quot;:[0,&quot;vulnerabilities&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;6P5UocklzogIqFh9b0c7CZ&quot;],&quot;name&quot;:[0,&quot;WebP&quot;],&quot;slug&quot;:[0,&quot;webp&quot;]}],[0,{&quot;id&quot;:[0,&quot;6Mp7ouACN2rT3YjL1xaXJx&quot;],&quot;name&quot;:[0,&quot;Security&quot;],&quot;slug&quot;:[0,&quot;security&quot;]}],[0,{&quot;id&quot;:[0,&quot;7eOKz89KhQS2SR2gZW7ogU&quot;],&quot;name&quot;:[0,&quot;Swift&quot;],&quot;slug&quot;:[0,&quot;swift&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Willi Geiger&quot;],&quot;slug&quot;:[0,&quot;willi&quot;],&quot;bio&quot;:[0,&quot;I 
lead engineering for Media Platform at Cloudflare. Prior to that I led User Experience for the Data Platform at Netflix, and before that, Camera, Editing and Effects for YouTube.&quot;],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2ES52pKYwJzvZsmuWNRuiX/37c1fd1c118fd72037d96d0a55eabda6/willi.jpg&quot;],&quot;location&quot;:[0,&quot;San Francisco&quot;],&quot;website&quot;:[0,null],&quot;twitter&quot;:[0,null],&quot;facebook&quot;:[0,null]}],[0,{&quot;name&quot;:[0,&quot;Kornel Lesiński&quot;],&quot;slug&quot;:[0,&quot;kornel&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7ccnw4AEVCamBp97s43QuQ/66460f38410c43d8a3920e07332dae7c/kornel.jpg&quot;],&quot;location&quot;:[0,&quot;UK&quot;],&quot;website&quot;:[0,&quot;https://mastodon.social/@kornel&quot;],&quot;twitter&quot;:[0,null],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;Uncovering the Hidden WebP vulnerability: a tale of a CVE with much bigger implications than it originally seemed Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No 
Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/uncovering-the-hidden-webp-vulnerability-cve-2023-4863&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0,&quot;Uncovering the Hidden WebP vulnerability: a tale of a CVE with much bigger implications than it originally seemed&quot;],&quot;description&quot;:[0,null],&quot;imgPreview&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1Y7IRVMmQyWAZ3c0vIOJpf/0471fc43e7f2a5929e3294eeb48c629e/uncovering-the-hidden-webp-vulnerability-cve-2023-4863-mb5UXr.png&quot;]}]}],&quot;translations&quot;:[0,{&quot;posts.by&quot;:[0,&quot;By&quot;],&quot;footer.gdpr&quot;:[0,&quot;GDPR&quot;],&quot;lang_blurb1&quot;:[0,&quot;This post is also available in {lang1}.&quot;],&quot;lang_blurb2&quot;:[0,&quot;This post is also available in {lang1} and {lang2}.&quot;],&quot;lang_blurb3&quot;:[0,&quot;This post is also available in {lang1}, {lang2} and {lang3}.&quot;],&quot;footer.press&quot;:[0,&quot;Press&quot;],&quot;header.title&quot;:[0,&quot;The Cloudflare 
Thank you for subscribing!&quot;],&quot;posts.social_buttons.hackernews&quot;:[0,&quot;Discuss on Hacker News&quot;],&quot;footer.diversity_equity_inclusion&quot;:[0,&quot;Diversity, equity &amp; inclusion&quot;],&quot;footer.critical_infrastructure_defense_project&quot;:[0,&quot;Critical Infrastructure Defense Project&quot;]}]}" ssr client="load" opts="{&quot;name&quot;:&quot;PostCard&quot;,&quot;value&quot;:true}" await-children><article class="w-50-l mt4 mt2-l mb4 ph3 bb b--gray8 bn-l"><div class="w-100"><a href="/uncovering-the-hidden-webp-vulnerability-cve-2023-4863/" class="fw5 no-underline gray1" data-testid="post-title"><h2 class="fw5 mt2">Uncovering the Hidden WebP vulnerability: a tale of a CVE with much bigger implications than it originally seemed</h2></a><p class="f3 fw5 gray5 my" data-testid="post-date">2023-10-05</p><div class=""><a href="/tag/vulnerabilities/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Vulnerabilities</a><a href="/tag/chrome/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Chrome</a><a href="/tag/webp/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">WebP</a><a href="/tag/security/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Security</a><a href="/tag/swift/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Swift</a></div><p class="f3 fw4 gray1 lh-copy " data-testid="post-content">Recently, Google announced a security issue in Google Chrome, titled &quot;Heap buffer overflow in WebP in Google Chrome.&quot; Initially, it seemed like just another bug in the popular web browser. 
However, what we discovered was far more significant and had implications that extended well beyond Chrome<!-- -->...</p><ul class="author-lists flex pl0"><li class="list flex items-center pr2 mb3"><a href="/author/willi/" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2ES52pKYwJzvZsmuWNRuiX/37c1fd1c118fd72037d96d0a55eabda6/willi.jpg" alt="Willi Geiger" width="62" height="62"/></a><div class="author-name-tooltip"><a href="/author/willi/" class="fw4 f3 no-underline black">Willi Geiger</a></div></li><li class="list flex items-center pr2 mb3"><a href="/author/kornel/" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7ccnw4AEVCamBp97s43QuQ/66460f38410c43d8a3920e07332dae7c/kornel.jpg" alt="Kornel Lesiński" width="62" height="62"/></a><div class="author-name-tooltip"><a href="/author/kornel/" class="fw4 f3 no-underline black">Kornel Lesiński</a></div></li></ul></div></article><!--astro:end--></astro-island><astro-island uid="Z1NDPSu" prefix="r2" component-url="/_astro/PostCard.CG32ktie.js" component-export="PostCard" renderer-url="/_astro/client.DLO1yDVm.js" props="{&quot;currentPage&quot;:[0,1],&quot;isFeaturedImageFirstPost&quot;:[0,false],&quot;post&quot;:[0,{&quot;id&quot;:[0,&quot;2M0hyPXVNiYWjSUGQRypv2&quot;],&quot;title&quot;:[0,&quot;Experiment with HTTP/3 using NGINX and quiche&quot;],&quot;slug&quot;:[0,&quot;experiment-with-http-3-using-nginx-and-quiche&quot;],&quot;excerpt&quot;:[0,&quot;Just a few weeks ago we announced the availability on our edge network of HTTP/3, the new revision of HTTP intended to improve security and performance on the Internet. 
Everyone can now enable HTTP/3 on their Cloudflare zone&quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7GewSku8hqAHAyubNYEXl4/b896c88a9def673a40ff9218e5d43760/HTTP3-portal_3x.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1600\&quot; height=\&quot;1361\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;Just a few weeks ago &lt;a href=\&quot;/http3-the-past-present-and-future/\&quot;&gt;we announced&lt;/a&gt; the availability on our edge network of &lt;a href=\&quot;https://www.cloudflare.com/learning/performance/what-is-http3/\&quot;&gt;HTTP/3&lt;/a&gt;, the new revision of HTTP intended to improve security and performance on the Internet. Everyone can now enable HTTP/3 on their Cloudflare zone and experiment with it using &lt;a href=\&quot;/http3-the-past-present-and-future/#using-google-chrome-as-an-http-3-client\&quot;&gt;Chrome Canary&lt;/a&gt; as well as &lt;a href=\&quot;/http3-the-past-present-and-future/#using-curl\&quot;&gt;curl&lt;/a&gt;, among other clients.&lt;/p&gt;&lt;p&gt;We have previously made available &lt;a href=\&quot;https://github.com/cloudflare/quiche/blob/master/examples/http3-server.rs\&quot;&gt;an example HTTP/3 server as part of the quiche project&lt;/a&gt; to allow people to experiment with the protocol, but it’s quite limited in the functionality that it offers, and was never intended to replace other general-purpose web servers.&lt;/p&gt;&lt;p&gt;We are now happy to announce that &lt;a href=\&quot;/enjoy-a-slice-of-quic-and-rust/\&quot;&gt;our implementation of HTTP/3 and QUIC&lt;/a&gt; can be integrated into your own installation of NGINX as well. 
This is made available &lt;a href=\&quot;https://github.com/cloudflare/quiche/tree/master/extras/nginx\&quot;&gt;as a patch&lt;/a&gt; to NGINX, that can be applied and built directly with the upstream NGINX codebase.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/RGn7FpVUT1wQ1v5yu74c3/d6db309a2e2d99da184b3bbb123f3fb5/quiche-banner-copy_2x.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1600\&quot; height=\&quot;804\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;It’s important to note that &lt;b&gt;this is not officially supported or endorsed by the NGINX project&lt;/b&gt;, it is just something that we, Cloudflare, want to make available to the wider community to help push adoption of QUIC and HTTP/3.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;building\&quot;&gt;Building&lt;/h3&gt;\n &lt;a href=\&quot;#building\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The first step is to &lt;a href=\&quot;https://nginx.org/en/download.html\&quot;&gt;download and unpack the NGINX source code&lt;/a&gt;. 
Note that the HTTP/3 and QUIC patch only works with the 1.16.x release branch (the latest stable release being 1.16.1 at the time of writing). Because the patch cannot be applied to other branches, check that 1.16.x still receives security fixes before running the result anywhere reachable from the Internet.&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt; % curl -O https://nginx.org/download/nginx-1.16.1.tar.gz\n % tar xvzf nginx-1.16.1.tar.gz&lt;/code&gt;&lt;/pre&gt;\n &lt;p&gt;Verify the downloaded tarball against the signature published on the nginx download page before unpacking it. You also need quiche, the underlying implementation of HTTP/3 and QUIC (pin a specific tag or commit rather than building whatever the default branch currently holds, so that the BoringSSL submodule you link against is a known revision):&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt; % git clone --recursive https://github.com/cloudflare/quiche&lt;/code&gt;&lt;/pre&gt;\n &lt;p&gt;Next you’ll need to apply the patch to NGINX:&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt; % cd nginx-1.16.1\n % patch -p01 &amp;lt; ../quiche/extras/nginx/nginx-1.16.patch&lt;/code&gt;&lt;/pre&gt;\n &lt;p&gt;And finally build NGINX with HTTP/3 support enabled:&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt; % ./configure \t\\\n \t--prefix=$PWD \t\\\n \t--with-http_ssl_module \t\\\n \t--with-http_v2_module \t\\\n \t--with-http_v3_module \t\\\n \t--with-openssl=../quiche/deps/boringssl \\\n \t--with-quiche=../quiche\n % make&lt;/code&gt;&lt;/pre&gt;\n &lt;p&gt;The above command instructs the NGINX build system to enable the HTTP/3 support ( &lt;code&gt;--with-http_v3_module&lt;/code&gt;) by using the quiche library found in the path it was previously downloaded into ( &lt;code&gt;--with-quiche=../quiche&lt;/code&gt;), as well as TLS and HTTP/2. Note that this links NGINX against the BoringSSL copy vendored in quiche rather than the system TLS library, so updates to that copy are your responsibility. 
Additional build options can be added as needed.&lt;/p&gt;&lt;p&gt;You can check out the full instructions &lt;a href=\&quot;https://github.com/cloudflare/quiche/tree/master/extras/nginx#readme\&quot;&gt;in the quiche repository&lt;/a&gt;.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;running\&quot;&gt;Running&lt;/h3&gt;\n &lt;a href=\&quot;#running\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Once built, NGINX can be configured to accept incoming HTTP/3 connections by adding the &lt;code&gt;quic&lt;/code&gt; and &lt;code&gt;reuseport&lt;/code&gt; options to the &lt;a href=\&quot;https://nginx.org/en/docs/http/ngx_http_core_module.html#listen\&quot;&gt;listen&lt;/a&gt; configuration directive.&lt;/p&gt;&lt;p&gt;Here is a minimal configuration example that you can start from. It is written for experimentation, not as a hardened production listener, so review the TLS settings before exposing it:&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt;events {\n worker_connections 1024;\n}\n\nhttp {\n server {\n # Enable QUIC and HTTP/3.\n listen 443 quic reuseport;\n\n # Enable HTTP/2 (optional).\n listen 443 ssl http2;\n\n ssl_certificate cert.crt;\n ssl_certificate_key cert.key;\n\n # TLSv1.3 is required for QUIC. TLSv1 and TLSv1.1 are deprecated and\n # should be dropped from this list unless you must serve legacy clients.\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n \n # Add Alt-Svc header to 
negotiate HTTP/3.\n add_header alt-svc &amp;#039;h3-23=&amp;quot;:443&amp;quot;; ma=86400&amp;#039;;\n }\n}&lt;/code&gt;&lt;/pre&gt;\n &lt;p&gt;This will enable both HTTP/2 and HTTP/3 on the TCP/443 and UDP/443 ports respectively; UDP/443 also has to be permitted by any host or network firewall in front of the server, otherwise clients silently stay on TCP. The &lt;code&gt;h3-23&lt;/code&gt; token in the Alt-Svc header names the QUIC draft version that this quiche checkout implements; a client that does not speak the same draft ignores the advertisement, so keep the token in step with the quiche version you built against.&lt;/p&gt;&lt;p&gt;You can then use one of the available HTTP/3 clients (such as &lt;a href=\&quot;/http3-the-past-present-and-future/#using-google-chrome-as-an-http-3-client\&quot;&gt;Chrome Canary&lt;/a&gt;, &lt;a href=\&quot;/http3-the-past-present-and-future/#using-curl\&quot;&gt;curl&lt;/a&gt; or even the &lt;a href=\&quot;/http3-the-past-present-and-future/#using-quiche-s-http3-client\&quot;&gt;example HTTP/3 client provided as part of quiche&lt;/a&gt;) to connect to your NGINX instance using HTTP/3.&lt;/p&gt;&lt;p&gt;We are excited to make this available for everyone to experiment and play with HTTP/3, but it’s important to note that &lt;b&gt;the implementation is still experimental&lt;/b&gt; and it’s likely to have bugs as well as limitations in functionality, so treat it as a lab or staging deployment rather than a production-facing listener. 
Feel free to submit a ticket to the &lt;a href=\&quot;https://github.com/cloudflare/quiche\&quot;&gt;quiche project&lt;/a&gt; if you run into problems or find any bug.&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2019-10-17T15:00:00.000+01:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:44:01.752Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5S3sSj49psOqOu1XFbbeHW/e96c476073228c99a34ef9203cc68866/experiment-with-http-3-using-nginx-and-quiche.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;3FBpuRfF7HUFga2Z5jgAFf&quot;],&quot;name&quot;:[0,&quot;NGINX&quot;],&quot;slug&quot;:[0,&quot;nginx&quot;]}],[0,{&quot;id&quot;:[0,&quot;76HSdQ6sNz56VVQXRUhhSw&quot;],&quot;name&quot;:[0,&quot;QUIC&quot;],&quot;slug&quot;:[0,&quot;quic&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;4HIPcb68qM0e26fIxyfzwQ&quot;],&quot;name&quot;:[0,&quot;Developers&quot;],&quot;slug&quot;:[0,&quot;developers&quot;]}],[0,{&quot;id&quot;:[0,&quot;4mFivBDCciYNedwQVKLKAg&quot;],&quot;name&quot;:[0,&quot;HTTP3&quot;],&quot;slug&quot;:[0,&quot;http3&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Alessandro Ghedini&quot;],&quot;slug&quot;:[0,&quot;alessandro-ghedini&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6ysyaWM0uyFhi5F9X2t0jw/14d2e374a965b36818ee73b00412f671/alessandro-ghedini.jpg&quot;],&quot;location&quot;:[0,null],&quot;website&quot;:[0,null],&quot;twitter&quot;:[0,null],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;Experiment with HTTP/3 using NGINX and quiche Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for 
Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;Translated for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/experiment-with-http-3-using-nginx-and-quiche&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],&quot;translations&quot;:[0,{&quot;posts.by&quot;:[0,&quot;By&quot;],&quot;footer.gdpr&quot;:[0,&quot;GDPR&quot;],&quot;lang_blurb1&quot;:[0,&quot;This post is also available in {lang1}.&quot;],&quot;lang_blurb2&quot;:[0,&quot;This post is also available in {lang1} and {lang2}.&quot;],&quot;lang_blurb3&quot;:[0,&quot;This post is also available 
Thank you for subscribing!&quot;],&quot;posts.social_buttons.hackernews&quot;:[0,&quot;Discuss on Hacker News&quot;],&quot;footer.diversity_equity_inclusion&quot;:[0,&quot;Diversity, equity &amp; inclusion&quot;],&quot;footer.critical_infrastructure_defense_project&quot;:[0,&quot;Critical Infrastructure Defense Project&quot;]}]}" ssr client="load" opts="{&quot;name&quot;:&quot;PostCard&quot;,&quot;value&quot;:true}" await-children><article class="w-50-l mt4 mt2-l mb4 ph3 bb b--gray8 bn-l"><div class="w-100"><a href="/experiment-with-http-3-using-nginx-and-quiche/" class="fw5 no-underline gray1" data-testid="post-title"><h2 class="fw5 mt2">Experiment with HTTP/3 using NGINX and quiche</h2></a><p class="f3 fw5 gray5 my" data-testid="post-date">2019-10-17</p><div class=""><a href="/tag/nginx/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">NGINX</a><a href="/tag/quic/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">QUIC</a><a href="/tag/chrome/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Chrome</a><a href="/tag/developers/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Developers</a><a href="/tag/http3/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">HTTP3</a></div><p class="f3 fw4 gray1 lh-copy " data-testid="post-content">Just a few weeks ago we announced the availability on our edge network of HTTP/3, the new revision of HTTP intended to improve security and performance on the Internet. 
Everyone can now enable HTTP/3 on their Cloudflare zone<!-- -->...</p><ul class="author-lists flex pl0"><li class="list flex items-center pr2 mb3"><a href="/author/alessandro-ghedini/" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6ysyaWM0uyFhi5F9X2t0jw/14d2e374a965b36818ee73b00412f671/alessandro-ghedini.jpg" alt="Alessandro Ghedini" width="62" height="62"/></a><div class="author-name-tooltip"><a href="/author/alessandro-ghedini/" class="fw4 f3 no-underline black">Alessandro Ghedini</a></div></li></ul></div></article><!--astro:end--></astro-island><astro-island uid="OWPoD" prefix="r3" component-url="/_astro/PostCard.CG32ktie.js" component-export="PostCard" renderer-url="/_astro/client.DLO1yDVm.js" props="{&quot;currentPage&quot;:[0,1],&quot;isFeaturedImageFirstPost&quot;:[0,false],&quot;post&quot;:[0,{&quot;id&quot;:[0,&quot;52qfyjBwLUIY5Bs9YR6xif&quot;],&quot;title&quot;:[0,&quot;A Question of Timing&quot;],&quot;slug&quot;:[0,&quot;a-question-of-timing&quot;],&quot;excerpt&quot;:[0,&quot;When considering website performance, the term TTFB - time to first byte - crops up regularly. 
Often we see measurements from cURL and Chrome, and this article will show what timings those tools can produce, including time to first byte...&quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3zCGPwzpCVzjoRBJnEigP6/7cf0708f61d20f3ce699bf43fa9987a1/photo-1501139083538-0139583c060f\&quot; alt=\&quot;selective focus photo of brown and blue hourglass on stones\&quot; class=\&quot;kg-image\&quot; width=\&quot;1080\&quot; height=\&quot;720\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;&lt;i&gt;Photo by &lt;/i&gt;&lt;a href=\&quot;https://unsplash.com/@aronunsplash?utm_source=ghost&amp;utm_medium=referral&amp;utm_campaign=api-credit\&quot;&gt;&lt;i&gt;Aron&lt;/i&gt;&lt;/a&gt;&lt;i&gt; / &lt;/i&gt;&lt;a href=\&quot;https://unsplash.com/?utm_source=ghost&amp;utm_medium=referral&amp;utm_campaign=api-credit\&quot;&gt;&lt;i&gt;Unsplash&lt;/i&gt;&lt;/a&gt;&lt;/p&gt;&lt;p&gt;When considering website performance, the term TTFB - time to first byte - crops up regularly. 
Often we see measurements from cURL and Chrome, and this article will show what timings those tools can produce, including time to first byte, and discuss whether this is the measurement you are really looking for.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;timing-with-curl\&quot;&gt;Timing with cURL&lt;/h3&gt;\n &lt;a href=\&quot;#timing-with-curl\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;&lt;a href=\&quot;https://curl.haxx.se/\&quot;&gt;cURL&lt;/a&gt; is an excellent tool for debugging web requests, and it includes the ability to take timing measurements. 
Let’s take an example website &lt;a href=\&quot;http://www.zasag.mn\&quot;&gt;www.zasag.mn&lt;/a&gt; (the Mongolian government), and measure how long a request to its home page takes:&lt;/p&gt;&lt;p&gt;First configure the output format for cURL in &lt;code&gt;~/.curlrc&lt;/code&gt;:&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt;$ cat .curlrc\n-w &amp;quot;dnslookup: %{time_namelookup} | connect: %{time_connect} | appconnect: %{time_appconnect} | pretransfer: %{time_pretransfer} | starttransfer: %{time_starttransfer} | total: %{time_total} | size: %{size_download}\\n&amp;quot;&lt;/pre&gt;&lt;/code&gt;\n &lt;p&gt;Now connect to the site dropping the output (&lt;code&gt;-o /dev/null&lt;/code&gt;) since we’re only interested in the timing:&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt;$ curl -so /dev/null https://www.zasag.mn\ndnslookup: 1.510 | connect: 1.757 | appconnect: 2.256 | pretransfer: 2.259 | \nstarttransfer: 2.506 | total: 3.001 | size: 53107&lt;/pre&gt;&lt;/code&gt;\n &lt;p&gt;These timings are in seconds. Depending on your version of cURL, you may get more decimal places than this example. 
3 seconds is a long time, and remember this is only for the HTML from the home page - it doesn’t include any JavaScript, images, etc.&lt;/p&gt;&lt;p&gt;The diagram below shows what each of those timings refer to against a typical HTTP over TLS 1.2 connection (TLS 1.3 setup &lt;a href=\&quot;/tls-1-3-overview-and-q-and-a/\&quot;&gt;needs one less round trip&lt;/a&gt;):&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2EfInkqn7sNtWkWFdxPDk4/2f3e1c0202ed6025bbe12f6f540c1b4a/Screen-Shot-2018-10-16-at-14.51.29-1.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1262\&quot; height=\&quot;1266\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;time_namelookup&lt;/b&gt; in this example takes a long time. To exclude DNS resolver performance from the figures, you can resolve the IP for cURL: &lt;code&gt;--resolve www.zasag.mn:443:218.100.84.167&lt;/code&gt;. It may also be worth looking for a &lt;a href=\&quot;https://www.dnsperf.com/#!dns-resolvers\&quot;&gt;faster&lt;/a&gt; &lt;a href=\&quot;https://1.1.1.1/\&quot;&gt;resolver&lt;/a&gt; :).&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;time_connect&lt;/b&gt; is the TCP three-way handshake from the client’s perspective. It ends just after the client sends the ACK - it doesn&amp;#39;t include the time taken for that ACK to reach the server. It should be close to the &lt;a href=\&quot;https://www.cloudflare.com/learning/cdn/glossary/round-trip-time-rtt/\&quot;&gt;round-trip time (RTT)&lt;/a&gt; to the server. In this example, RTT looks to be about 200 ms.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;time_appconnect&lt;/b&gt; here is TLS setup. 
The client is then ready to send its HTTP GET request.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;time_starttransfer&lt;/b&gt; is just before cURL reads the first byte from the network (it hasn&amp;#39;t actually read it yet). &lt;code&gt;time_starttransfer - time_appconnect&lt;/code&gt; is practically the same as Time To First Byte (TTFB) from this client - 250 ms in this example case. This includes the round trip over the network, so you might get a better guess of how long the server spent on the request by calculating &lt;code&gt;TTFB - (time_connect - time_namelookup)&lt;/code&gt;; in this case, the server spent only a few milliseconds responding, and the rest of the time was the network.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;time_total&lt;/b&gt; is just after the client has sent the FIN connection tear down.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;timing-with-chrome\&quot;&gt;Timing with Chrome&lt;/h3&gt;\n &lt;a href=\&quot;#timing-with-chrome\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Chrome, and some other testing tools, use the &lt;a href=\&quot;https://www.w3.org/TR/resource-timing/\&quot;&gt;W3C Resource Timing standard&lt;/a&gt; for measurements. 
In Chrome developer tools this looks like this:&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7FucQd5wZiX7K01gcDGiCL/8c82a221c3ea0ad064a3a19020dca543/Screen-Shot-2018-08-04-at-12.07.37--1-.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1092\&quot; height=\&quot;634\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;Again, here’s how this maps onto a typical HTTP over TLS 1.2 connection, also showing the Resource Timing attribute names:&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7fAas2lxyTJGoBn3X0izru/3d41a94ce5ae888bea98aba106fe1407/Screen-Shot-2018-10-16-at-14.52.48.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1402\&quot; height=\&quot;1382\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Stalled&lt;/b&gt; (fetchStart to domainLookupStart) is the browser waiting to start the connection, e.g. allocating cache on disk, if there are higher priority requests, or if there are already 6 connections open to this host.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Initial connection&lt;/b&gt; shown by Chrome is connectStart to connectEnd. Unlike cURL timings, this includes SSL connection setup, so if you want a fair estimate of RTT, this would be &lt;code&gt;Initial connection - SSL&lt;/code&gt;. 
If an existing connection is being reused, then DNS Lookup, Initial connection and SSL won&amp;#39;t be shown.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Request sent&lt;/b&gt; is &lt;code&gt;connectEnd - requestStart&lt;/code&gt;, which should be negligible.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Similarly to cURL, if we subtract the TCP handshake time from TTFB, we can guess the amount of time the server really spent processing (again, we don&amp;#39;t have an exact RTT timing, so this is an approximation).&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;what-are-we-looking-for-again\&quot;&gt;What are we looking for again?&lt;/h3&gt;\n &lt;a href=\&quot;#what-are-we-looking-for-again\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;These measurements, including TTFB, can be helpful in diagnosing problems, and might help you to delve into a specific problem, but do they actually tell you how well a website is performing? Ultimately, if you are looking to measure the experience of users, the time it takes for the first byte of some HTML to return isn’t effective. A web page might contain hundreds of images, and it might have JavaScript and styles that need to load before you can interact. 
To reflect real user experience, you need to time how long until the web page becomes useful, and to take those measurements from representative sample of where your users are accessing the site from. And that&amp;#39;s a topic for another day :)&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2018-10-17T13:00:00.000+01:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-09T21:55:29.555Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/DQ4fkP3bbB4yEFUTiTqDF/0fbe3f3a465189546ef64a9b326ab6c9/a-question-of-timing.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;48r7QV00gLMWOIcM1CSDRy&quot;],&quot;name&quot;:[0,&quot;Speed &amp; Reliability&quot;],&quot;slug&quot;:[0,&quot;speed-and-reliability&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Piers Cornwell&quot;],&quot;slug&quot;:[0,&quot;piers&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7nAaIdrKew5Uokc8SiXxCk/47c353c8eb3a4ef9e5d88a2df1bf7553/piers.jpg&quot;],&quot;location&quot;:[0,null],&quot;website&quot;:[0,null],&quot;twitter&quot;:[0,null],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,&quot;What the timings from cURL and Chrome mean, including how to calculate time-to-first byte&quot;],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;A Question of Timing Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for 
Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/a-question-of-timing&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],&quot;translations&quot;:[0,{&quot;posts.by&quot;:[0,&quot;By&quot;],&quot;footer.gdpr&quot;:[0,&quot;GDPR&quot;],&quot;lang_blurb1&quot;:[0,&quot;This post is also available in {lang1}.&quot;],&quot;lang_blurb2&quot;:[0,&quot;This post is also available in {lang1} and {lang2}.&quot;],&quot;lang_blurb3&quot;:[0,&quot;This post is also available in {lang1}, {lang2} and {lang3}.&quot;],&quot;footer.press&quot;:[0,&quot;Press&quot;],&quot;header.title&quot;:[0,&quot;The Cloudflare 
Blog&quot;],&quot;search.clear&quot;:[0,&quot;Clear&quot;],&quot;search.filter&quot;:[0,&quot;Filter&quot;],&quot;search.source&quot;:[0,&quot;Source&quot;],&quot;footer.careers&quot;:[0,&quot;Careers&quot;],&quot;footer.company&quot;:[0,&quot;Company&quot;],&quot;footer.support&quot;:[0,&quot;Support&quot;],&quot;footer.the_net&quot;:[0,&quot;theNet&quot;],&quot;search.filters&quot;:[0,&quot;Filters&quot;],&quot;footer.our_team&quot;:[0,&quot;Our team&quot;],&quot;footer.webinars&quot;:[0,&quot;Webinars&quot;],&quot;page.more_posts&quot;:[0,&quot;More posts&quot;],&quot;posts.time_read&quot;:[0,&quot;{time} min read&quot;],&quot;search.language&quot;:[0,&quot;Language&quot;],&quot;footer.community&quot;:[0,&quot;Community&quot;],&quot;footer.resources&quot;:[0,&quot;Resources&quot;],&quot;footer.solutions&quot;:[0,&quot;Solutions&quot;],&quot;footer.trademark&quot;:[0,&quot;Trademark&quot;],&quot;header.subscribe&quot;:[0,&quot;Subscribe&quot;],&quot;footer.compliance&quot;:[0,&quot;Compliance&quot;],&quot;footer.free_plans&quot;:[0,&quot;Free plans&quot;],&quot;footer.impact_ESG&quot;:[0,&quot;Impact/ESG&quot;],&quot;posts.follow_on_X&quot;:[0,&quot;Follow on X&quot;],&quot;footer.help_center&quot;:[0,&quot;Help center&quot;],&quot;footer.network_map&quot;:[0,&quot;Network Map&quot;],&quot;header.please_wait&quot;:[0,&quot;Please Wait&quot;],&quot;page.related_posts&quot;:[0,&quot;Related posts&quot;],&quot;search.result_stat&quot;:[0,&quot;Results &lt;strong&gt;{search_range}&lt;/strong&gt; of &lt;strong&gt;{search_total}&lt;/strong&gt; for &lt;strong&gt;{search_keyword}&lt;/strong&gt;&quot;],&quot;footer.case_studies&quot;:[0,&quot;Case Studies&quot;],&quot;footer.connect_2024&quot;:[0,&quot;Connect 2024&quot;],&quot;footer.terms_of_use&quot;:[0,&quot;Terms of Use&quot;],&quot;footer.white_papers&quot;:[0,&quot;White Papers&quot;],&quot;footer.cloudflare_tv&quot;:[0,&quot;Cloudflare TV&quot;],&quot;footer.community_hub&quot;:[0,&quot;Community 
Hub&quot;],&quot;footer.compare_plans&quot;:[0,&quot;Compare plans&quot;],&quot;footer.contact_sales&quot;:[0,&quot;Contact Sales&quot;],&quot;header.contact_sales&quot;:[0,&quot;Contact Sales&quot;],&quot;header.email_address&quot;:[0,&quot;Email Address&quot;],&quot;page.error.not_found&quot;:[0,&quot;Page not found&quot;],&quot;footer.developer_docs&quot;:[0,&quot;Developer docs&quot;],&quot;footer.privacy_policy&quot;:[0,&quot;Privacy Policy&quot;],&quot;footer.request_a_demo&quot;:[0,&quot;Request a demo&quot;],&quot;page.continue_reading&quot;:[0,&quot;Continue reading&quot;],&quot;footer.analysts_report&quot;:[0,&quot;Analyst reports&quot;],&quot;footer.for_enterprises&quot;:[0,&quot;For enterprises&quot;],&quot;footer.getting_started&quot;:[0,&quot;Getting Started&quot;],&quot;footer.learning_center&quot;:[0,&quot;Learning Center&quot;],&quot;footer.project_galileo&quot;:[0,&quot;Project Galileo&quot;],&quot;pagination.newer_posts&quot;:[0,&quot;Newer Posts&quot;],&quot;pagination.older_posts&quot;:[0,&quot;Older Posts&quot;],&quot;posts.social_buttons.x&quot;:[0,&quot;Discuss on X&quot;],&quot;search.icon_aria_label&quot;:[0,&quot;Search&quot;],&quot;search.source_location&quot;:[0,&quot;Source/Location&quot;],&quot;footer.about_cloudflare&quot;:[0,&quot;About Cloudflare&quot;],&quot;footer.athenian_project&quot;:[0,&quot;Athenian Project&quot;],&quot;footer.become_a_partner&quot;:[0,&quot;Become a partner&quot;],&quot;footer.cloudflare_radar&quot;:[0,&quot;Cloudflare Radar&quot;],&quot;footer.network_services&quot;:[0,&quot;Network services&quot;],&quot;footer.trust_and_safety&quot;:[0,&quot;Trust &amp; Safety&quot;],&quot;header.get_started_free&quot;:[0,&quot;Get Started Free&quot;],&quot;page.search.placeholder&quot;:[0,&quot;Search Cloudflare&quot;],&quot;footer.cloudflare_status&quot;:[0,&quot;Cloudflare Status&quot;],&quot;footer.cookie_preference&quot;:[0,&quot;Cookie Preferences&quot;],&quot;header.valid_email_error&quot;:[0,&quot;Must be valid 
email.&quot;],&quot;search.result_stat_empty&quot;:[0,&quot;Results &lt;strong&gt;{search_range}&lt;/strong&gt; of &lt;strong&gt;{search_total}&lt;/strong&gt;&quot;],&quot;footer.connectivity_cloud&quot;:[0,&quot;Connectivity cloud&quot;],&quot;footer.developer_services&quot;:[0,&quot;Developer services&quot;],&quot;footer.investor_relations&quot;:[0,&quot;Investor relations&quot;],&quot;page.not_found.error_code&quot;:[0,&quot;Error Code: 404&quot;],&quot;search.autocomplete_title&quot;:[0,&quot;Insert a query. Press enter to send&quot;],&quot;footer.logos_and_press_kit&quot;:[0,&quot;Logos &amp; press kit&quot;],&quot;footer.application_services&quot;:[0,&quot;Application services&quot;],&quot;footer.get_a_recommendation&quot;:[0,&quot;Get a recommendation&quot;],&quot;posts.social_buttons.reddit&quot;:[0,&quot;Discuss on Reddit&quot;],&quot;footer.sse_and_sase_services&quot;:[0,&quot;SSE and SASE services&quot;],&quot;page.not_found.outdated_link&quot;:[0,&quot;You may have used an outdated link, or you may have typed the address incorrectly.&quot;],&quot;footer.report_security_issues&quot;:[0,&quot;Report Security Issues&quot;],&quot;page.error.error_message_page&quot;:[0,&quot;Sorry, we can&#39;t find the page you are looking for.&quot;],&quot;header.subscribe_notifications&quot;:[0,&quot;Subscribe to receive notifications of new posts:&quot;],&quot;footer.cloudflare_for_campaigns&quot;:[0,&quot;Cloudflare for Campaigns&quot;],&quot;header.subscription_confimation&quot;:[0,&quot;Subscription confirmed. 
Thank you for subscribing!&quot;],&quot;posts.social_buttons.hackernews&quot;:[0,&quot;Discuss on Hacker News&quot;],&quot;footer.diversity_equity_inclusion&quot;:[0,&quot;Diversity, equity &amp; inclusion&quot;],&quot;footer.critical_infrastructure_defense_project&quot;:[0,&quot;Critical Infrastructure Defense Project&quot;]}]}" ssr client="load" opts="{&quot;name&quot;:&quot;PostCard&quot;,&quot;value&quot;:true}" await-children><article class="w-50-l mt4 mt2-l mb4 ph3 bb b--gray8 bn-l"><div class="w-100"><a href="/a-question-of-timing/" class="fw5 no-underline gray1" data-testid="post-title"><h2 class="fw5 mt2">A Question of Timing</h2></a><p class="f3 fw5 gray5 my" data-testid="post-date">2018-10-17</p><div class=""><a href="/tag/speed-and-reliability/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Speed &amp; Reliability</a><a href="/tag/chrome/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Chrome</a></div><p class="f3 fw4 gray1 lh-copy " data-testid="post-content">When considering website performance, the term TTFB - time to first byte - crops up regularly. 
Often we see measurements from cURL and Chrome, and this article will show what timings those tools can produce, including time to first byte...<!-- -->...</p><ul class="author-lists flex pl0"><li class="list flex items-center pr2 mb3"><a href="/author/piers/" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7nAaIdrKew5Uokc8SiXxCk/47c353c8eb3a4ef9e5d88a2df1bf7553/piers.jpg" alt="Piers Cornwell" width="62" height="62"/></a><div class="author-name-tooltip"><a href="/author/piers/" class="fw4 f3 no-underline black">Piers Cornwell</a></div></li></ul></div></article><!--astro:end--></astro-island><astro-island uid="Z19xvXJ" prefix="r4" component-url="/_astro/PostCard.CG32ktie.js" component-export="PostCard" renderer-url="/_astro/client.DLO1yDVm.js" props="{&quot;currentPage&quot;:[0,1],&quot;isFeaturedImageFirstPost&quot;:[0,false],&quot;post&quot;:[0,{&quot;id&quot;:[0,&quot;7ipQzFpDytxabYUE49T7jE&quot;],&quot;title&quot;:[0,&quot;Going Proactive on Security: Driving Encryption Adoption Intelligently&quot;],&quot;slug&quot;:[0,&quot;being-proactive&quot;],&quot;excerpt&quot;:[0,&quot;It&#39;s no secret that Cloudflare operates at a huge scale. Cloudflare provides security and performance to over 9 million websites all around the world, from small businesses and WordPress blogs to Fortune 500 companies. That means one in every 10 web requests goes through our network.&quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;&lt;p&gt;It&amp;#39;s no secret that Cloudflare operates at a huge scale. Cloudflare provides security and performance to over 9 million websites all around the world, from small businesses and WordPress blogs to Fortune 500 companies. 
That means one in every 10 web requests goes through our network.&lt;/p&gt;&lt;p&gt;However, hidden behind the scenes, we offer support in using our platform to all our customers - whether they&amp;#39;re on our free plan or on our Enterprise offering. This blog post dives into some of the technology that helps make this possible and how we&amp;#39;re using it to drive encryption and build a better web.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;why-now\&quot;&gt;Why Now?&lt;/h3&gt;\n &lt;a href=\&quot;#why-now\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Recently web browser vendors have been working on extending encryption on the internet. Traditionally they would use positive indicators to mark encrypted traffic as secure; when traffic was served securely over HTTPS, a green padlock would indicate in your browser that this was the case. In moving to standardise encryption online, Google Chrome have been leading the charge in marking insecure page loads as &amp;quot;Not Secure&amp;quot;. 
Today, this UI change has been pushed out to all Google Chrome users globally for all websites: any website loaded over HTTP will be marked as insecure.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4kSP68dcfVP7ZePmZVcX5m/52364a548f6f0540eb2b39d04edc41ac/chrome68.png\&quot; alt=\&quot;chrome68\&quot; class=\&quot;kg-image\&quot; width=\&quot;640\&quot; height=\&quot;231\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;That&amp;#39;s not all though; all resources loaded by a website need to be loaded over HTTPS and such sites need to be configured properly to avoid mixed-content warnings, not to mention correctly configuring secure cryptography at the web server. Cloudflare helped bring widespread adoption of HTTPS to the internet by offering free of charge SSL certificates; in doing so we&amp;#39;ve become experts at knowing where web developers trip up in configuring HTTPS on their websites. 
HTTPS is now important for everyone who builds on the web, not just those with an interest in cryptography.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;meet-helperbot\&quot;&gt;Meet HelperBot&lt;/h3&gt;\n &lt;a href=\&quot;#meet-helperbot\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;In recent months, we’ve taken this expertise to help our Cloudflare customers avoid common mistakes. One of the things my team and I have been working on building is intelligent systems which automatically triage support tickets and present relevant debugging information upfront to the agent assigned to the ticket.&lt;/p&gt;&lt;p&gt;We use a custom-built Natural Language Processing model to determine the issues related to what the customer is discussing, and then we run technical tests in a Chain-of-Responsibility (with the most relevant to the customer running first) to determine what&amp;#39;s going wrong. 
We then automatically triage the ticket and present this information to the support agent in the ticket.&lt;/p&gt;&lt;p&gt;Here&amp;#39;s an example of a piece of the information we present upfront:&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5NpVZj6VaEibiI2EjHoWwE/e0d7c8520532f96ff1770fb7a928f58a/Screen-Shot-2018-07-20-at-22.32.15.png\&quot; alt=\&quot;SSL HelperBot Test\&quot; class=\&quot;kg-image\&quot; width=\&quot;1564\&quot; height=\&quot;1118\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;Whilst we initially manually built automated debugging tests, we soon used Search Based Software Engineering strategies to self-write debugging automations based on various data points (such as the underlying technologies powering a site, their configuration or their error rates). When we detect anomalies, we are able to present this information upfront to our support agents to reduce the manual debugging they must conduct. 
In essence, we are able to get the software to write itself from test behaviour, within reason.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7DyM6G9zIBhPfuHQKGLrYV/700d3be7e165f2bb67f111e786aca410/Screen-Shot-2018-07-20-at-22.32.26.png\&quot; alt=\&quot;Generated HelperBot Test\&quot; class=\&quot;kg-image\&quot; width=\&quot;1834\&quot; height=\&quot;1118\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;Whilst this data is largely used internally, we are starting to A/B test new versions of our support ticket submission form which present a subset of this information upfront to users before they write in to us - allowing them to get the answers to their problem more quickly.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2Ai05dz42OOzBvTPyZbKCB/f5a3457bf73ef074f847680ab19c31e3/Screen-Shot-2018-07-20-at-22.42.01.png\&quot; alt=\&quot;New Ticket Form\&quot; class=\&quot;kg-image\&quot; width=\&quot;1494\&quot; height=\&quot;1110\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;being-proactive-about-security\&quot;&gt;Being Proactive About Security&lt;/h3&gt;\n &lt;a href=\&quot;#being-proactive-about-security\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 
0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;To help drive adoption of a more secure internet - and drive down common misconfigurations of SSL - we have started testing emailing customers proactively about Mixed Content errors and Redirect Loops associated with HTTPS web server misconfigurations.&lt;/p&gt;&lt;p&gt;By joining forces with our Marketing team, we were able to run an ongoing campaign of testing user behaviour to proactive security advice. Users receive messages similar to the one below.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7iIYIvaExMtNBkBPxwqdyU/b432461153c27b5dead0a9773320d300/Screen-Shot-2018-07-20-at-22.49.18.png\&quot; alt=\&quot;Proactive Support Email\&quot; class=\&quot;kg-image\&quot; width=\&quot;1450\&quot; height=\&quot;1524\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;With this capability, we decided to expose the functionality to a wider audience, including those not already using Cloudflare.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;ssl-test-tool-powered-by-helperbot-external\&quot;&gt;SSL Test Tool (Powered by HelperBot-External)&lt;/h3&gt;\n &lt;a href=\&quot;#ssl-test-tool-powered-by-helperbot-external\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 
3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n \n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n &lt;a href=https://www.cloudflare.com/lp/ssl-test?utm_medium=website&amp;utm_source=blog&amp;utm_campaign=chrome68&gt;\n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3z3r2uTJBYPDFo2AXJ2Lla/bcdc986185ffaff6959524f32943e3b0/Screen-Shot-2018-07-21-at-00.53.26.png\&quot; alt=\&quot;SSL Test Tool\&quot; class=\&quot;kg-image\&quot; width=\&quot;2068\&quot; height=\&quot;824\&quot; loading=\&quot;lazy\&quot;/&gt;\n &lt;/a&gt;\n &lt;/figure&gt;&lt;p&gt;To help website owners make the transition to HTTPS, we&amp;#39;ve launched &lt;a href=\&quot;https://www.cloudflare.com/lp/ssl-test?utm_medium=website&amp;utm_source=blog&amp;utm_campaign=chrome68\&quot;&gt;the SSL Test Tool&lt;/a&gt;. We internally codenamed the backend HelperBot-External, after the internal HelperBot service. We decided to take a subset of the SSL tests we use internally and allow someone to run a basic version of the scan on their own site. This helps users understand what they need to do to move their site to HTTPS by detecting the most common issues. By doing so, we seek to help users who are struggling to get over the line in enabling HTTPS on their sites by providing them with some dynamic guidance in a plain-English fashion.&lt;/p&gt;&lt;p&gt;The tool runs 12 tests across three key categories of errors: HTTPS Disabled, Client Errors and Cryptography Errors. Unlike other tools, these tests are based on the questions we see real users ask about their SSL configuration and the tasks they most struggle with. This is a tool designed to support all web developers in enabling HTTPS, not just those with an interest in cryptography. 
For example, by educating users about mixed content errors, we are able to make the case for them enabling HTTP Strict Transport Security, thereby &lt;a href=\&quot;https://www.cloudflare.com/learning/security/glossary/website-security-checklist/\&quot;&gt;improving the security practices&lt;/a&gt; they adopt.&lt;/p&gt;&lt;p&gt;Further, these tests are available to everyone. We believe it’s important that the entire Internet be safer, not only for our customers and their visitors (although, admittedly, Cloudflare’s SSL and crypto features make it very simple to be HTTPS-ready).&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;conclusion-just-the-beginning\&quot;&gt;Conclusion: Just the Beginning&lt;/h3&gt;\n &lt;a href=\&quot;#conclusion-just-the-beginning\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;As we grow our intelligence capabilities, we do so to provide better performance and security to our customers. We want to build a better internet and make our users more successful on our platform. 
Whilst there&amp;#39;s still plenty of ground left to cover in building out our intelligent capability for supporting customers, we&amp;#39;re developing rapidly and focussed on using those skills to improve things our customers care about.&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2018-07-24T18:32:43.000+01:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-11-05T18:25:51.133Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2w30t1BpnZmqGvMwu2UqDA/33404c7fa5408cffad640034321998fd/being-proactive.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;5US4l4wdDysuDpZ4ktL3yP&quot;],&quot;name&quot;:[0,&quot;HTTPS&quot;],&quot;slug&quot;:[0,&quot;https&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;1HblPaFreDjetoJDJPjTAi&quot;],&quot;name&quot;:[0,&quot;SSL&quot;],&quot;slug&quot;:[0,&quot;ssl&quot;]}],[0,{&quot;id&quot;:[0,&quot;3xarOcS5XgYCpK9lk1ol2E&quot;],&quot;name&quot;:[0,&quot;Support&quot;],&quot;slug&quot;:[0,&quot;support&quot;]}],[0,{&quot;id&quot;:[0,&quot;6Mp7ouACN2rT3YjL1xaXJx&quot;],&quot;name&quot;:[0,&quot;Security&quot;],&quot;slug&quot;:[0,&quot;security&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Junade Ali&quot;],&quot;slug&quot;:[0,&quot;junade-ali&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3OWtXkEWho3HaulkNRp0L2/8ae3c35ad8c0f7df43d8fc9c35bfe87f/junade-ali.jpg&quot;],&quot;location&quot;:[0,null],&quot;website&quot;:[0,null],&quot;twitter&quot;:[0,&quot;@IcyApril&quot;],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,&quot;It&#39;s no secret that Cloudflare operates at a huge scale. 
Cloudflare provides security and performance to over 9 million websites all around the world, from small businesses and WordPress blogs to Fortune 500 companies. That means one in every 10 web requests goes through our network.&quot;],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;Going Proactive on Security: Driving Encryption Adoption Intelligently Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for 
Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/being-proactive&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],&quot;translations&quot;:[0,{&quot;posts.by&quot;:[0,&quot;By&quot;],&quot;footer.gdpr&quot;:[0,&quot;GDPR&quot;],&quot;lang_blurb1&quot;:[0,&quot;This post is also available in {lang1}.&quot;],&quot;lang_blurb2&quot;:[0,&quot;This post is also available in {lang1} and {lang2}.&quot;],&quot;lang_blurb3&quot;:[0,&quot;This post is also available in {lang1}, {lang2} and {lang3}.&quot;],&quot;footer.press&quot;:[0,&quot;Press&quot;],&quot;header.title&quot;:[0,&quot;The Cloudflare Blog&quot;],&quot;search.clear&quot;:[0,&quot;Clear&quot;],&quot;search.filter&quot;:[0,&quot;Filter&quot;],&quot;search.source&quot;:[0,&quot;Source&quot;],&quot;footer.careers&quot;:[0,&quot;Careers&quot;],&quot;footer.company&quot;:[0,&quot;Company&quot;],&quot;footer.support&quot;:[0,&quot;Support&quot;],&quot;footer.the_net&quot;:[0,&quot;theNet&quot;],&quot;search.filters&quot;:[0,&quot;Filters&quot;],&quot;footer.our_team&quot;:[0,&quot;Our team&quot;],&quot;footer.webinars&quot;:[0,&quot;Webinars&quot;],&quot;page.more_posts&quot;:[0,&quot;More posts&quot;],&quot;posts.time_read&quot;:[0,&quot;{time} min read&quot;],&quot;search.language&quot;:[0,&quot;Language&quot;],&quot;footer.community&quot;:[0,&quot;Community&quot;],&quot;footer.resources&quot;:[0,&quot;Resources&quot;],&quot;footer.solutions&quot;:[0,&quot;Solutions&quot;],&quot;footer.trademark&quot;:[0,&quot;Trademark&quot;],&quot;header.subscribe&quot;:[0,&quot;Subscribe&quot;],&quot;footer.compliance&quot;:[0,&quot;Compliance&quot;],&quot;footer.free_plans&quot;:[0,&quot;Free plans&quot;],&quot;footer.impact_ESG&quot;:[0,&quot;Impact/ESG&quot;],&quot;posts.follow_on_X&quot;:[0,&quot;Follow on X&quot;],&quot;footer.help_center&quot;:[0,&quot;Help center&quot;],&quot;footer.network_map&quot;:[0,&quot;Network 
Map&quot;],&quot;header.please_wait&quot;:[0,&quot;Please Wait&quot;],&quot;page.related_posts&quot;:[0,&quot;Related posts&quot;],&quot;search.result_stat&quot;:[0,&quot;Results &lt;strong&gt;{search_range}&lt;/strong&gt; of &lt;strong&gt;{search_total}&lt;/strong&gt; for &lt;strong&gt;{search_keyword}&lt;/strong&gt;&quot;],&quot;footer.case_studies&quot;:[0,&quot;Case Studies&quot;],&quot;footer.connect_2024&quot;:[0,&quot;Connect 2024&quot;],&quot;footer.terms_of_use&quot;:[0,&quot;Terms of Use&quot;],&quot;footer.white_papers&quot;:[0,&quot;White Papers&quot;],&quot;footer.cloudflare_tv&quot;:[0,&quot;Cloudflare TV&quot;],&quot;footer.community_hub&quot;:[0,&quot;Community Hub&quot;],&quot;footer.compare_plans&quot;:[0,&quot;Compare plans&quot;],&quot;footer.contact_sales&quot;:[0,&quot;Contact Sales&quot;],&quot;header.contact_sales&quot;:[0,&quot;Contact Sales&quot;],&quot;header.email_address&quot;:[0,&quot;Email Address&quot;],&quot;page.error.not_found&quot;:[0,&quot;Page not found&quot;],&quot;footer.developer_docs&quot;:[0,&quot;Developer docs&quot;],&quot;footer.privacy_policy&quot;:[0,&quot;Privacy Policy&quot;],&quot;footer.request_a_demo&quot;:[0,&quot;Request a demo&quot;],&quot;page.continue_reading&quot;:[0,&quot;Continue reading&quot;],&quot;footer.analysts_report&quot;:[0,&quot;Analyst reports&quot;],&quot;footer.for_enterprises&quot;:[0,&quot;For enterprises&quot;],&quot;footer.getting_started&quot;:[0,&quot;Getting Started&quot;],&quot;footer.learning_center&quot;:[0,&quot;Learning Center&quot;],&quot;footer.project_galileo&quot;:[0,&quot;Project Galileo&quot;],&quot;pagination.newer_posts&quot;:[0,&quot;Newer Posts&quot;],&quot;pagination.older_posts&quot;:[0,&quot;Older Posts&quot;],&quot;posts.social_buttons.x&quot;:[0,&quot;Discuss on X&quot;],&quot;search.icon_aria_label&quot;:[0,&quot;Search&quot;],&quot;search.source_location&quot;:[0,&quot;Source/Location&quot;],&quot;footer.about_cloudflare&quot;:[0,&quot;About 
Cloudflare&quot;],&quot;footer.athenian_project&quot;:[0,&quot;Athenian Project&quot;],&quot;footer.become_a_partner&quot;:[0,&quot;Become a partner&quot;],&quot;footer.cloudflare_radar&quot;:[0,&quot;Cloudflare Radar&quot;],&quot;footer.network_services&quot;:[0,&quot;Network services&quot;],&quot;footer.trust_and_safety&quot;:[0,&quot;Trust &amp; Safety&quot;],&quot;header.get_started_free&quot;:[0,&quot;Get Started Free&quot;],&quot;page.search.placeholder&quot;:[0,&quot;Search Cloudflare&quot;],&quot;footer.cloudflare_status&quot;:[0,&quot;Cloudflare Status&quot;],&quot;footer.cookie_preference&quot;:[0,&quot;Cookie Preferences&quot;],&quot;header.valid_email_error&quot;:[0,&quot;Must be valid email.&quot;],&quot;search.result_stat_empty&quot;:[0,&quot;Results &lt;strong&gt;{search_range}&lt;/strong&gt; of &lt;strong&gt;{search_total}&lt;/strong&gt;&quot;],&quot;footer.connectivity_cloud&quot;:[0,&quot;Connectivity cloud&quot;],&quot;footer.developer_services&quot;:[0,&quot;Developer services&quot;],&quot;footer.investor_relations&quot;:[0,&quot;Investor relations&quot;],&quot;page.not_found.error_code&quot;:[0,&quot;Error Code: 404&quot;],&quot;search.autocomplete_title&quot;:[0,&quot;Insert a query. 
Press enter to send&quot;],&quot;footer.logos_and_press_kit&quot;:[0,&quot;Logos &amp; press kit&quot;],&quot;footer.application_services&quot;:[0,&quot;Application services&quot;],&quot;footer.get_a_recommendation&quot;:[0,&quot;Get a recommendation&quot;],&quot;posts.social_buttons.reddit&quot;:[0,&quot;Discuss on Reddit&quot;],&quot;footer.sse_and_sase_services&quot;:[0,&quot;SSE and SASE services&quot;],&quot;page.not_found.outdated_link&quot;:[0,&quot;You may have used an outdated link, or you may have typed the address incorrectly.&quot;],&quot;footer.report_security_issues&quot;:[0,&quot;Report Security Issues&quot;],&quot;page.error.error_message_page&quot;:[0,&quot;Sorry, we can&#39;t find the page you are looking for.&quot;],&quot;header.subscribe_notifications&quot;:[0,&quot;Subscribe to receive notifications of new posts:&quot;],&quot;footer.cloudflare_for_campaigns&quot;:[0,&quot;Cloudflare for Campaigns&quot;],&quot;header.subscription_confimation&quot;:[0,&quot;Subscription confirmed. 
Thank you for subscribing!&quot;],&quot;posts.social_buttons.hackernews&quot;:[0,&quot;Discuss on Hacker News&quot;],&quot;footer.diversity_equity_inclusion&quot;:[0,&quot;Diversity, equity &amp; inclusion&quot;],&quot;footer.critical_infrastructure_defense_project&quot;:[0,&quot;Critical Infrastructure Defense Project&quot;]}]}" ssr client="load" opts="{&quot;name&quot;:&quot;PostCard&quot;,&quot;value&quot;:true}" await-children><article class="w-50-l mt4 mt2-l mb4 ph3 bb b--gray8 bn-l"><div class="w-100"><a href="/being-proactive/" class="fw5 no-underline gray1" data-testid="post-title"><h2 class="fw5 mt2">Going Proactive on Security: Driving Encryption Adoption Intelligently</h2></a><p class="f3 fw5 gray5 my" data-testid="post-date">2018-07-24</p><div class=""><a href="/tag/https/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">HTTPS</a><a href="/tag/chrome/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Chrome</a><a href="/tag/ssl/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">SSL</a><a href="/tag/support/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Support</a><a href="/tag/security/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Security</a></div><p class="f3 fw4 gray1 lh-copy " data-testid="post-content">It&#x27;s no secret that Cloudflare operates at a huge scale. Cloudflare provides security and performance to over 9 million websites all around the world, from small businesses and WordPress blogs to Fortune 500 companies. 
That means one in every 10 web requests goes through our network.<!-- -->...</p><ul class="author-lists flex pl0"><li class="list flex items-center pr2 mb3"><a href="/author/junade-ali/" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3OWtXkEWho3HaulkNRp0L2/8ae3c35ad8c0f7df43d8fc9c35bfe87f/junade-ali.jpg" alt="Junade Ali" width="62" height="62"/></a><div class="author-name-tooltip"><a href="/author/junade-ali/" class="fw4 f3 no-underline black">Junade Ali</a></div></li></ul></div></article><!--astro:end--></astro-island> <astro-island uid="12ujrI" prefix="r5" component-url="/_astro/MorePosts.DyRVOquy.js" component-export="default" renderer-url="/_astro/client.DLO1yDVm.js" props="{&quot;locale&quot;:[0,&quot;en-us&quot;],&quot;posts&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;5l5nzMLUg5cHi67NAHy0wK&quot;],&quot;title&quot;:[0,&quot;Today, Chrome Takes Another Step Forward in Addressing the Design Flaw That is an Unencrypted Web&quot;],&quot;slug&quot;:[0,&quot;today-chrome-takes-another-step-forward-in-addressing-the-design-flaw-that-is-an-unencrypted-web&quot;],&quot;excerpt&quot;:[0,&quot;I still remember my first foray onto the internet as a university student back in the mid 90&#39;s. It was a simpler time back then, of course; we weren&#39;t doing our personal banking or our tax returns or handling our medical records so encrypting the transport layer wasn&#39;t exactly a high priority. &quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;&lt;p&gt;&lt;i&gt;The following is a guest post by Troy Hunt, awarded &lt;/i&gt;&lt;a href=\&quot;https://www.troyhunt.com/about/\&quot;&gt;&lt;i&gt;Security expert&lt;/i&gt;&lt;/a&gt;&lt;i&gt;, &lt;/i&gt;&lt;a href=\&quot;https://www.troyhunt.com/\&quot;&gt;&lt;i&gt;blogger&lt;/i&gt;&lt;/a&gt;&lt;i&gt;, and Pluralsight author. 
He’s also the creator of the popular &lt;/i&gt;&lt;a href=\&quot;https://haveibeenpwned.com/\&quot;&gt;&lt;i&gt;Have I been pwned?&lt;/i&gt;&lt;/a&gt;&lt;i&gt;, the free aggregation service that helps the owners of over 5 billion accounts impacted by data breaches.&lt;/i&gt;&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5KzdaWJzeTAjCK93nkKTlP/47b50fe081c28d84805f57ff82036494/chrome-68-troy-hhunt-quote_0.75x.png\&quot; alt=\&quot;chrome-68-troy-hhunt-quote@0.75x\&quot; class=\&quot;kg-image\&quot; width=\&quot;3558\&quot; height=\&quot;1965\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;&lt;a href=\&quot;https://twitter.com/share?ref_src=twsrc%5Etfw\&quot;&gt;Tweet&lt;/a&gt;&lt;/p&gt;&lt;p&gt;I still clearly remember my first foray onto the internet as a university student back in the mid 90&amp;#39;s. It was a simpler online time back then, of course; we weren&amp;#39;t doing our personal banking or our tax returns or handling our medical records so the whole premise of encrypting the transport layer wasn&amp;#39;t exactly a high priority. In time, those services came along and so did the need to have some assurances about the confidentiality of the material we were sending around over other people&amp;#39;s networks and computers. SSL as it was at the time was costly, but hey, banks and the like could absorb that given the nature of their businesses. However, at the time, there were all sorts of problems with the premise of serving traffic securely ranging from the cost of certs to the effort involved in obtaining and configuring them through to the performance hit on the infrastructure. We&amp;#39;ve spent the last couple of decades fixing these shortcomings and subsequently, driving site owners towards a more secure web. Today represents just one more step in that journey: as of today, Chrome is flagging all non-secure connections as... 
not secure!&lt;/p&gt;&lt;p&gt;I want to delve into the premise of this a little deeper because certainly there are those who question the need for the browser to be so shouty about a lack of encryption. I particularly see this point of view expressed as it relates to sites without the need for confidentiality, for example a static site that collects no personal data. But let me set the stage for this blog post because we&amp;#39;re actually addressing a very fundamental problem here:&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;the-push-for-https-is-merely-addressing-a-design-flaw-with-the-original-unencrypted-web\&quot;&gt;The push for HTTPS is merely addressing a design flaw with the original, unencrypted web.&lt;/h3&gt;\n &lt;a href=\&quot;#the-push-for-https-is-merely-addressing-a-design-flaw-with-the-original-unencrypted-web\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;I mean think about it - we&amp;#39;ve been plodding along standing up billions of websites and usually having no idea whether requests are successfully reaching the correct destination, whether they&amp;#39;ve been observed, tampered with, logged or otherwise mishandled somewhere along the way. 
We&amp;#39;d &lt;i&gt;never&lt;/i&gt; sit down and design a network like this today but as with so many aspects of the web, we&amp;#39;re still dealing with the legacy of decisions made in a very different time.&lt;/p&gt;&lt;p&gt;So back to Chrome for a moment and the &amp;quot;Not secure&amp;quot; visual indicator. When I run training on HTTPS, I load up a website in the browser over a secure connection and I ask the question - &amp;quot;How do we know this connection is secure&amp;quot;? It&amp;#39;s a question usually met by confused stares as we literally see the word &amp;quot;Secure&amp;quot; sitting up next to the address bar. We know the connection is secure because the browser tells us this explicitly. Now, let&amp;#39;s try it with a site loaded over an insecure connection - &amp;quot;How do we know this connection is not secure&amp;quot;? And the penny drops because the answer is always &amp;quot;We know it&amp;#39;s not secure because it doesn&amp;#39;t tell us that it is secure&amp;quot;! Isn&amp;#39;t that an odd inversion? &lt;i&gt;Was&lt;/i&gt; an odd inversion because as of today, both secure and non-secure connections get the same visual treatment so finally, we have parity.&lt;/p&gt;&lt;p&gt;But is parity what we actually want? Think back to the days when Chrome didn&amp;#39;t tell you an insecure connection wasn&amp;#39;t secure (ah, isn&amp;#39;t it nice that&amp;#39;s in the past already?!); browsers could get away with this &lt;i&gt;because that was the normal state!&lt;/i&gt; Why explicitly say anything when the connection is &amp;quot;normal&amp;quot;? But now we&amp;#39;re changing what &amp;quot;normal&amp;quot; means and in the future that means we&amp;#39;ll be able to apply the same logic as Chrome used to: visual indicators for the normal state won&amp;#39;t be necessary or in other words, we won&amp;#39;t need to say &amp;quot;secure&amp;quot; any more. 
Instead, we can focus on the messaging around deviations from normal, namely connections that aren&amp;#39;t secure. Google has already flagged that we&amp;#39;ll see this behaviour in the future too, it&amp;#39;s just a matter of time.&lt;/p&gt;&lt;p&gt;Let&amp;#39;s take a moment to reflect on what that word &amp;quot;normal&amp;quot; means as it relates to secure comms on the internet because it&amp;#39;s something that changes over time. A perfect example of that is &lt;a href=\&quot;https://scotthelme.co.uk/how-widely-used-are-security-based-http-response-headers/\&quot;&gt;Scott Helme&amp;#39;s six-monthly Alexa Top 1M report&lt;/a&gt;. A couple of times a year, Scott publishes stats on the adoption of a range of different security constructs by the world&amp;#39;s largest websites. One of those security constructs is the use of HTTPS or more specifically, sites that automatically redirect non-secure requests to the secure scheme. In that report above, he found that 6.7% of sites did this in August 2015. Let&amp;#39;s have a look at just how quickly that number has changed and for ease of legibility, I&amp;#39;ll list them all below followed by the change from the previous scan 6 months earlier:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Aug 2015: 6.7%&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Feb 2016: 9.4% (+42%)&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Aug 2016: 13.8% (+46%)&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Feb 2017: 20.0% (+45%)&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Aug 2017: 30.8% (+48%)&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Feb 2018: 38.4% (+32%)&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;That&amp;#39;s an &lt;i&gt;astonishingly&lt;/i&gt; high growth rate, pretty much doubling every 12 months. We can&amp;#39;t sustain that rate forever, of course, but depending on how you look at it, the numbers are even higher than that. 
&lt;a href=\&quot;https://docs.telemetry.mozilla.org/datasets/other/ssl/reference.html\&quot;&gt;Firefox&amp;#39;s telemetry&lt;/a&gt; suggests that as of today, 73% of all requests are served over a secure HTTPS connection. That number is much higher than Scott&amp;#39;s due to the higher prevalence of the world&amp;#39;s largest websites implementing HTTPS more frequently than the smaller ones. In fact, Scott&amp;#39;s own figures graphically illustrate this:&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5vArpeYnYlrbUxOeOqrOP9/ac69cc49464fb3b115d13f51098a5451/Troy_Hunt_Image.png\&quot; alt=\&quot;Troy_Hunt_Image\&quot; class=\&quot;kg-image\&quot; width=\&quot;1082\&quot; height=\&quot;659\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;Each point on the graph is a cluster of 4,000 websites with the largest ones on the left and the smallest on the right. It&amp;#39;s clear that well over half of the largest sites are doing HTTPS by default whilst the smallest ones are much closer to one quarter. This can be explained by the fact that larger services tend to be those that we&amp;#39;ve traditionally expected higher levels of security on; they&amp;#39;re &lt;a href=\&quot;https://www.cloudflare.com/ecommerce/\&quot;&gt;e-commerce sites&lt;/a&gt;, social media platforms, banks and so on. Paradoxically, those sites are also the ones that are less trivial to roll over to HTTPS whilst the ones to the right of the graph are more likely to literally be lunchtime jobs. Last month I produced &lt;a href=\&quot;https://httpsiseasy.com/\&quot;&gt;a free 4-part series called &amp;quot;HTTPS Is Easy&amp;quot;&lt;/a&gt; and part 1 literally went from zero HTTPS to full HTTPS across the entire site in 5 minutes. It took another 5 minutes to get a higher grade than what most banks have for their transport layer encryption. 
HTTPS really &lt;i&gt;is&lt;/i&gt; easy!&lt;/p&gt;&lt;p&gt;Yet still, there remain those who are unconvinced that secure connections are always necessary. Content integrity, they argue, is really not that important, what can a malicious party actually do with a static site such as a blog anyway? Good question! In no particular order, &lt;a href=\&quot;https://securitywarrior9.blogspot.com/2018/06/cross-site-request-forgery-intex-router.html\&quot;&gt;they can inject script to modify the settings of vulnerable routers and hijack DNS&lt;/a&gt;, &lt;a href=\&quot;https://blog.torproject.org/egypt-internet-censorship\&quot;&gt;inject cryptominers into the browser&lt;/a&gt;, &lt;a href=\&quot;https://citizenlab.ca/2015/04/chinas-great-cannon/\&quot;&gt;weaponise people&amp;#39;s browsers into a DDoS cannon&lt;/a&gt; or &lt;a href=\&quot;https://beefproject.com/\&quot;&gt;serve malware or phishing pages to unsuspecting victims&lt;/a&gt;. Just to really drive home the real-world risks, &lt;a href=\&quot;https://www.troyhunt.com/heres-why-your-static-website-needs-https/\&quot;&gt;I demo&amp;#39;d all those in a single video a couple of weeks ago&lt;/a&gt;. Mind you, the sorts of sites for whom owners are questioning the need for HTTPS are precisely the sorts of sites that tend to be 5-minute exercises to put behind Cloudflare so regardless of debates about how necessary it is, the actual effort involved in doing it is usually negligible. 
Oh - and it&amp;#39;ll give you access to HTTP/2 and Brotli compression which are both great for &lt;a href=\&quot;https://www.cloudflare.com/solutions/ecommerce/optimization/\&quot;&gt;performance&lt;/a&gt; &lt;i&gt;and&lt;/i&gt; only work over HTTPS plus enable you to access &lt;a href=\&quot;https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts/features_restricted_to_secure_contexts\&quot;&gt;a whole range of browser features that are only available in secure contexts&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;Today is just one more correction in a series that&amp;#39;s been running for some time now. In Jan last year it was both Chrome and Firefox flagging insecure pages accepting passwords or credit cards as not secure. In October Chrome began showing the same visual indicator when entering data into &lt;i&gt;any&lt;/i&gt; non-secure form. In March this year Safari on iOS began showing &amp;quot;Not Secure&amp;quot; when entering text into an insecure login form. We all know what&amp;#39;s happened today and as I flagged earlier, the future holds yet more changes as we move towards a more &amp;quot;secure by default&amp;quot; web. (Incidentally, note how it&amp;#39;s multiple browser vendors driving this change, it&amp;#39;s by no means solely Google&amp;#39;s doing.)&lt;/p&gt;&lt;p&gt;Bit by bit, we&amp;#39;re gradually fixing the design flaws of the web.&lt;/p&gt;&lt;hr/&gt;&lt;p&gt;&lt;b&gt;A Note from Cloudflare&lt;/b&gt;&lt;i&gt;In June, Troy authored a post entitled “&lt;/i&gt;&lt;a href=\&quot;https://www.troyhunt.com/https-is-easy/\&quot;&gt;&lt;i&gt;HTTPS is Easy!&lt;/i&gt;&lt;/a&gt;&lt;i&gt;,” which highlights the simplicity of converting a site to HTTPS with Cloudflare. It’s worth noting that, as indicated in his post, we were (pleasantly) surprised to see this series.&lt;/i&gt;&lt;/p&gt;&lt;p&gt;&lt;i&gt;At Cloudflare, it’s our mission to build a better Internet, and a part of that is democratizing modern web technologies to everyone. 
This was the motivation for launching Universal SSL in 2014 - a move that made us the first company to offer SSL for free to anyone. With the release of Chrome 68, we want to continue making HTTPS easy, and have launched a free tool to help any website owner troubleshoot common problems with HTTPS configuration.&lt;/i&gt;&lt;/p&gt;&lt;h4&gt;Are you Chrome 68 ready? Check your website with our &lt;a href=\&quot;https://cfl.re/ssl-test\&quot;&gt;free SSL Test&lt;/a&gt;.&lt;/h4&gt;&quot;],&quot;published_at&quot;:[0,&quot;2018-07-24T16:04:00.000+01:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:42:46.196Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5ZHxyfGWtrAGLZZ3XI3M42/6516d22fe371b20bef3b94ee0e76f793/today-chrome-takes-another-step-forward-in-addressing-the-design-flaw-that-is-an-unencrypted-web.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;5US4l4wdDysuDpZ4ktL3yP&quot;],&quot;name&quot;:[0,&quot;HTTPS&quot;],&quot;slug&quot;:[0,&quot;https&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;1HblPaFreDjetoJDJPjTAi&quot;],&quot;name&quot;:[0,&quot;SSL&quot;],&quot;slug&quot;:[0,&quot;ssl&quot;]}],[0,{&quot;id&quot;:[0,&quot;6Mp7ouACN2rT3YjL1xaXJx&quot;],&quot;name&quot;:[0,&quot;Security&quot;],&quot;slug&quot;:[0,&quot;security&quot;]}],[0,{&quot;id&quot;:[0,&quot;7mFLEw3Z6dksCNAsnCMHTH&quot;],&quot;name&quot;:[0,&quot;Guest Post&quot;],&quot;slug&quot;:[0,&quot;guest-post&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Troy Hunt (Guest Author)&quot;],&quot;slug&quot;:[0,&quot;troy-hunt&quot;],&quot;bio&quot;:[0,&quot;Troy is a web security expert known for education and outreach on security topics. 
He created HaveIBeenPwned?, a data breach search website that allows users to see if their info has been compromised.&quot;],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2XS2oNQ5uR8HmISKR7QGhg/da5044ff87dd691609480783e26c2679/troy-hunt.jpg&quot;],&quot;location&quot;:[0,&quot;Australia&quot;],&quot;website&quot;:[0,&quot;https://www.troyhunt.com/&quot;],&quot;twitter&quot;:[0,&quot;@troyhunt&quot;],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;Today, Chrome Takes Another Step Forward in Addressing the Design Flaw That is an Unencrypted Web Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page 
for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/today-chrome-takes-another-step-forward-in-addressing-the-design-flaw-that-is-an-unencrypted-web&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],[0,{&quot;id&quot;:[0,&quot;4TgLJMj4mdafhTaUENj7hy&quot;],&quot;title&quot;:[0,&quot;Delivering a Serverless API in 10 minutes using Workers&quot;],&quot;slug&quot;:[0,&quot;delivering-a-serverless-api-in-10-minutes-using-workers&quot;],&quot;excerpt&quot;:[0,&quot;In preparation for Chrome’s Not Secure flag, which will update the indicator to show Not Secure when a site is not accessed over https, we wanted people to be able to test whether their site would pass. &quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;&lt;p&gt;In preparation for Chrome’s Not Secure flag, which will update the indicator to show Not Secure when a site is not accessed over https, we wanted people to be able to test whether their site would pass. If you read our previous &lt;a href=\&quot;/chrome-not-secure-for-http/\&quot;&gt;blog post&lt;/a&gt; about the existing misconceptions around using https, and preparing your site, you may have noticed a small fiddle, allowing you to test which sites will be deemed “Secure”. In preparation for the blog post itself, one of our PMs approached me asking for help making this fiddle come to life. It was a simple ask: we need an endpoint which runs logic to see if a given domain will automatically redirect to https.&lt;/p&gt;&lt;p&gt;The logic and requirements turned out to be very simple:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Make a serverless API endpoint&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Input: domain (e.g. 
example.com)&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Output: “secure” / “not secure”&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Logic:&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt;if http://example.com redirects to https://example.com\n\tReturn “secure”\nElse\n\tReturn “not secure”&lt;/code&gt;&lt;/pre&gt;\n &lt;p&gt;One additional requirement here was that we needed to follow redirects all the way; sites often redirect to &lt;a href=\&quot;http://www.example.com\&quot;&gt;http://www.example.com&lt;/a&gt; first, and only then redirect to https. That is an additional line of code I was prepared to handle.&lt;/p&gt;&lt;p&gt;I’ve done some software engineering in previous jobs, and am now a Solutions Engineer at Cloudflare, but I have no DevOps experience. I’ve set up my fair share of origin servers, installed a few LAMP stacks, and NGINX (thanks to some very detailed guides on the interwebs), but the task of setting up a server to run 10 lines of code on it is daunting. Even with PaaS services such as Heroku, some prerequisite knowledge (and a GitHub account) is required to get your &amp;quot;Hello, World&amp;quot; app off the ground.&lt;/p&gt;&lt;p&gt;Using Cloudflare Workers, I was able to get an endpoint on the web, soup to nuts, within a few minutes. I spent no time on research, and 99% of the time converting the very simple pseudo code above into real code. The other 1% was spent adding a DNS record. 
In 10 minutes, I had a demo-ready cURL for the PM to test domains against.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h2 id=\&quot;the-worker\&quot;&gt;The Worker&lt;/h2&gt;\n &lt;a href=\&quot;#the-worker\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n \n &lt;pre class=\&quot;language-javascript\&quot;&gt;&lt;code class=\&quot;language-javascript\&quot;&gt;addEventListener(&amp;#039;fetch&amp;#039;, event =&amp;gt; {\n event.respondWith(handleRequest(event.request))\n})\n\n/**\n* Fetch a request and follow redirects\n* @param {Request} request\n*/\nasync function handleRequest(request) {\n let headers = new Headers({\n &amp;#039;Content-Type&amp;#039;: &amp;#039;text/html&amp;#039;,\n &amp;#039;Access-Control-Allow-Origin&amp;#039;: &amp;#039;*&amp;#039;\n })\n const SECURE_RESPONSE = new Response(&amp;#039;secure&amp;#039;, {status: 200, headers: headers})\n const INSECURE_RESPONSE = new Response(&amp;#039;not secure&amp;#039;, {status: 200, headers: headers})\n const NO_SUCH_SITE = new Response(&amp;#039;website not found&amp;#039;, {status: 200, headers: headers})\n\n let domain = new URL(request.url).searchParams.get(&amp;#039;domain&amp;#039;)\n if(domain === null) {\n return new Response(&amp;#039;Please pass in domain via query 
string&amp;#039;, {status: 404})\n }\n try {\n let resp = await fetch(`http://${domain}`, {headers: {&amp;#039;User-Agent&amp;#039;: request.headers.get(&amp;#039;User-Agent&amp;#039;)}})\n if(resp.redirected == true &amp;amp;&amp;amp; resp.url.startsWith(&amp;#039;https&amp;#039;)) {\n return SECURE_RESPONSE \n }\n else if(resp.redirected == false &amp;amp;&amp;amp; resp.status == 502) {\n return NO_SUCH_SITE\n }\n else {\n return INSECURE_RESPONSE\n }\n }\n catch (e) {\n return new Response(`Something went wrong ${e}`, {status: 404})\n }\n}&lt;/pre&gt;&lt;/code&gt;\n &lt;p&gt;The Worker itself is fairly simple, but let us walk through what it is doing, as there are a few noteworthy things in here.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;parsing-the-input\&quot;&gt;Parsing the input&lt;/h3&gt;\n &lt;a href=\&quot;#parsing-the-input\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;I initially thought about sending the input into the Worker in a POST. However, given the input was fairly simple, and requires no authentication, I decided it would be easier to pass in the domain in the query string.&lt;/p&gt;&lt;p&gt;Here, I instantiate a new URL object, which will handle all the URL parsing for us. 
Since I’m not using or modifying any other aspects of the URL, I’m performing all the functions on the object in one line. However, if I was looking at other parts such as the hostname, or path, it would have made sense for us to define a separate object.&lt;/p&gt;\n &lt;pre class=\&quot;language-javascript\&quot;&gt;&lt;code class=\&quot;language-javascript\&quot;&gt; let domain = new URL(request.url).searchParams.get(&amp;#039;domain&amp;#039;)\n if(domain === null) {\n return new Response(&amp;#039;Please pass in domain via query string&amp;#039;, {status: 404})\n }&lt;/pre&gt;&lt;/code&gt;\n &lt;p&gt;The &lt;code&gt;URL.searchParams&lt;/code&gt; property returns a &lt;a href=\&quot;https://developer.mozilla.org/en-US/docs/Web/API/URLSearchParams\&quot;&gt;URLSearchParams&lt;/a&gt; object, which allows us to &lt;code&gt;get&lt;/code&gt; the value of the query string parameter we are looking for directly. In a situation when a parameter is not passed, we return an error response.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;making-the-subrequest\&quot;&gt;Making the subrequest&lt;/h3&gt;\n &lt;a href=\&quot;#making-the-subrequest\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Next, we will need to make a subrequest to 
the domain, and validate whether or not it redirects us to https.&lt;/p&gt;&lt;p&gt;On the &lt;code&gt;fetch&lt;/code&gt;, we will also pass in the User-Agent header of the original request, as we have noticed some sites (for example google.com) will vary their responses for different User-Agents. Note that the &lt;code&gt;domain&lt;/code&gt; value is interpolated into the subrequest URL exactly as it was received, so whatever arrives in the query string decides where the Worker connects; a deployed endpoint should validate it (for example, check that it is a plain hostname) before making the request.&lt;/p&gt;\n &lt;pre class=\&quot;language-javascript\&quot;&gt;&lt;code class=\&quot;language-javascript\&quot;&gt; let resp = await fetch(`http://${domain}`, {headers: {&amp;#039;User-Agent&amp;#039;: request.headers.get(&amp;#039;User-Agent&amp;#039;)}})\n if(resp.redirected == true &amp;amp;&amp;amp; resp.url.startsWith(&amp;#039;https&amp;#039;)) {\n return SECURE_RESPONSE \n }\n else if(resp.redirected == false &amp;amp;&amp;amp; resp.status == 502) {\n return NO_SUCH_SITE\n }\n else {\n return INSECURE_RESPONSE\n }&lt;/code&gt;&lt;/pre&gt;\n \n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;following-redirects\&quot;&gt;Following Redirects&lt;/h3&gt;\n &lt;a href=\&quot;#following-redirects\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;When I initially wrote this Worker, I did more work than I really needed to. 
In order to cover the use-case of some websites redirecting to their canonical site first (&lt;a href=\&quot;http://example.com\&quot;&gt;http://example.com&lt;/a&gt; -&amp;gt; &lt;a href=\&quot;http://www.example.com\&quot;&gt;http://www.example.com&lt;/a&gt;), and only then redirecting to https, I was inspecting the redirect URL, and making an additional subrequest to then inspect the outcome. As one of our engineers pointed out, I was doing all that extra work for nothing.&lt;/p&gt;&lt;p&gt;By default, when you make a new &lt;code&gt;fetch&lt;/code&gt;, what actually happens behind the scenes is that the &lt;code&gt;redirect&lt;/code&gt; property is set to &lt;code&gt;follow&lt;/code&gt;. Thus &lt;code&gt;fetch(url)&lt;/code&gt; is the same as &lt;code&gt;fetch(url, {redirect: &amp;quot;follow&amp;quot;})&lt;/code&gt;. So when we are making the subrequest within the Worker, the final &lt;code&gt;resp.url&lt;/code&gt; property we are inspecting will provide us with the final location of the redirect chain.&lt;/p&gt;&lt;p&gt;Somewhat unintuitively, the &lt;code&gt;event.request.redirect&lt;/code&gt; property is by default set to &lt;code&gt;&amp;quot;manual&amp;quot;&lt;/code&gt;. So if we carried over all the initial request properties in our subrequest, the redirect chain would not have been followed, or we would have had to explicitly override it.&lt;/p&gt;&lt;p&gt;There is a good reason for this default: it allows trivial, pass-through Cloudflare Workers to function correctly in situations where origins assume they are actually redirecting the client itself. One situation is when an HTTP redirect sends browsers to a non-HTTP URL, such as a &lt;code&gt;mailto:&lt;/code&gt; link, which Service Workers have no ability to follow. The intended recipient of the redirect is clearly the browser in this case. Another situation arises when the origin needs the browser to update its navigation bar with a new URL (like when redirecting from HTTP to HTTPS!). 
If redirects are followed in a Cloudflare Service Worker before returning the resulting response to the browser, the browser will have no way of displaying the correct, redirected URL in the navigation bar.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;cors-headers\&quot;&gt;CORS Headers&lt;/h3&gt;\n &lt;a href=\&quot;#cors-headers\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n \n &lt;pre class=\&quot;language-javascript\&quot;&gt;&lt;code class=\&quot;language-javascript\&quot;&gt; let headers = new Headers({\n &amp;#039;Content-Type&amp;#039;: &amp;#039;text/html&amp;#039;,\n &amp;#039;Access-Control-Allow-Origin&amp;#039;: &amp;#039;*&amp;#039;\n })&lt;/pre&gt;&lt;/code&gt;\n &lt;p&gt;As you may have noticed, in the static response, we are always adding a response header called &lt;code&gt;Access-Control-Allow-Origin&lt;/code&gt;. &lt;a href=\&quot;https://en.wikipedia.org/wiki/Cross-origin_resource_sharing\&quot;&gt;CORS headers&lt;/a&gt; are meant to help protect origins from being accessed by other sites. If we tried to run our app directly on the client (from the browser side), the browser would enforce the CORS policies of the domains you were trying to test against, and block those requests. 
Setting &lt;code&gt;Access-Control-Allow-Origin&lt;/code&gt; to &lt;code&gt;*&lt;/code&gt; will allow this endpoint to be accessed from this blog, or any other sites trying to use it (if you are looking to embed it into your site, you can!). Otherwise, if the javascript on the blog post itself was making browser side calls to various domains, many requests would be blocked by the browser.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;testing-our-worker\&quot;&gt;Testing our Worker&lt;/h3&gt;\n &lt;a href=\&quot;#testing-our-worker\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;As I was building the Worker, I was using the preview UI to validate that I was on the right track at every step. 
The console output is really useful for simple debugging along the way. For example, to make sure the query string was getting parsed properly, I can &lt;code&gt;console.log(domain)&lt;/code&gt;.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3rAXIaf2zY93aBHC6ucvdS/b67f0e290980ea0b5bac1bbdd248b677/workers_preview.png\&quot; alt=\&quot;workers_preview\&quot; class=\&quot;kg-image\&quot; width=\&quot;850\&quot; height=\&quot;660\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;It’s hard to get code right on the first try, and it’s not always clear where things went wrong. While the Preview is not reflective of the end-to-end experience (there are many variables that may change once a request is going over the web), it’s a great developer tool to help validate progress along the way.&lt;/p&gt;&lt;p&gt;Once I got it all working in the preview, it was time for the real test: the cURL.&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt;curl https://secure.ritakozlov.com/?domain=cloudflare.com\nsecure\ncurl https://secure.ritakozlov.com/?domain=maxisacutecat.club\nnot secure&lt;/code&gt;&lt;/pre&gt;\n &lt;p&gt;And it works! You may now test your site by running the same cURL from your machine and adjusting the domain parameter, or you can deploy the Worker above on your zone, and have your own testing endpoint.&lt;/p&gt;&lt;p&gt;To sum up, Workers are great for building simple, stateless serverless apps (to add flair to your blog posts, and wayyyy beyond!). 
We are always curious to hear what you are building!&lt;/p&gt;&lt;hr/&gt;&lt;p&gt;&lt;i&gt;If you have a worker you&amp;#39;d like to share, or want to check out workers from other Cloudflare users, visit the &lt;/i&gt;&lt;a href=\&quot;https://community.cloudflare.com/tags/recipe-exchange\&quot;&gt;&lt;i&gt;“Recipe Exchange”&lt;/i&gt;&lt;/a&gt;&lt;i&gt; in the Workers section of the &lt;/i&gt;&lt;a href=\&quot;https://community.cloudflare.com/c/developers/workers\&quot;&gt;&lt;i&gt;Cloudflare Community Forum&lt;/i&gt;&lt;/a&gt;&lt;i&gt;.&lt;/i&gt;&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2018-06-28T18:40:14.000+01:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:33:15.846Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/eLqguOeTtaIuT3agBG5oQ/4d984a6828c1786dcb48e0513f1a603b/delivering-a-serverless-api-in-10-minutes-using-workers.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;6hbkItfupogJP3aRDAq6v8&quot;],&quot;name&quot;:[0,&quot;Cloudflare 
Workers&quot;],&quot;slug&quot;:[0,&quot;workers&quot;]}],[0,{&quot;id&quot;:[0,&quot;5cye1Bh5KxFh3pKSnX8Dsy&quot;],&quot;name&quot;:[0,&quot;Serverless&quot;],&quot;slug&quot;:[0,&quot;serverless&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;1HblPaFreDjetoJDJPjTAi&quot;],&quot;name&quot;:[0,&quot;SSL&quot;],&quot;slug&quot;:[0,&quot;ssl&quot;]}],[0,{&quot;id&quot;:[0,&quot;6Mp7ouACN2rT3YjL1xaXJx&quot;],&quot;name&quot;:[0,&quot;Security&quot;],&quot;slug&quot;:[0,&quot;security&quot;]}],[0,{&quot;id&quot;:[0,&quot;78aSAeMjGNmCuetQ7B4OgU&quot;],&quot;name&quot;:[0,&quot;JavaScript&quot;],&quot;slug&quot;:[0,&quot;javascript&quot;]}],[0,{&quot;id&quot;:[0,&quot;5x72ei67SoD11VQ0uqFtpF&quot;],&quot;name&quot;:[0,&quot;API&quot;],&quot;slug&quot;:[0,&quot;api&quot;]}],[0,{&quot;id&quot;:[0,&quot;4HIPcb68qM0e26fIxyfzwQ&quot;],&quot;name&quot;:[0,&quot;Developers&quot;],&quot;slug&quot;:[0,&quot;developers&quot;]}],[0,{&quot;id&quot;:[0,&quot;3JAY3z7p7An94s6ScuSQPf&quot;],&quot;name&quot;:[0,&quot;Developer Platform&quot;],&quot;slug&quot;:[0,&quot;developer-platform&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Rita Kozlov&quot;],&quot;slug&quot;:[0,&quot;rita&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/56u5zfWi9255rUocOgksl0/5eb2eb16e26893d259f7b00af85e8417/rita.png&quot;],&quot;location&quot;:[0,null],&quot;website&quot;:[0,null],&quot;twitter&quot;:[0,&quot;@ritakozlov_&quot;],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;Delivering a Serverless API in 10 minutes using Workers Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for 
Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/delivering-a-serverless-api-in-10-minutes-using-workers&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],[0,{&quot;id&quot;:[0,&quot;2md7E1MxzPpLm5w37yYZFq&quot;],&quot;title&quot;:[0,&quot;T-25 days until Chrome starts flagging HTTP sites as \&quot;Not Secure\&quot;&quot;],&quot;slug&quot;:[0,&quot;chrome-not-secure-for-http&quot;],&quot;excerpt&quot;:[0,&quot;Less than one month from today, on July 23, Google will start prominently 
labeling any site loaded in Chrome without HTTPS as \&quot;Not Secure\&quot;.&quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;&lt;p&gt;Less than one month from today, on July 24*, Google will start prominently labeling any site loaded in Chrome without HTTPS as &amp;quot;&lt;b&gt;Not Secure&lt;/b&gt;&amp;quot;.&lt;/p&gt;&lt;p&gt;When we &lt;a href=\&quot;/https-or-bust-chromes-plan-to-label-sites-as-not-secure/\&quot;&gt;wrote about&lt;/a&gt; Google’s plans back in February, the percent of sites loaded over HTTPS clocked in at 69.7%. Just one year prior to that only 52.5% of sites were loaded using SSL/TLS—the encryption protocol behind HTTPS—so tremendous progress has been made.&lt;/p&gt;&lt;p&gt;Unfortunately, quite a few popular sites on the web still don’t support HTTPS (or fail to redirect insecure requests) and will soon be flagged by Google. I spent some time scanning the top one million sites, and here’s what I learned about the 946,039 reachable over plaintext (unencrypted) HTTP:&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n &lt;a href=/content/images/2018/06/http-infographic.png&gt;\n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3zcX4tP4T6W84IPJfm4UUR/836a1bdd934582fb992cd507130e76a4/http-infographic.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1600\&quot; height=\&quot;955\&quot; loading=\&quot;lazy\&quot;/&gt;\n &lt;/a&gt;\n &lt;/figure&gt;&lt;p&gt;If you were to ask the operators of these sites why they don’t protect themselves and their visitors with HTTPS, the responses you’d get could be bucketed into the following three groups: &amp;quot;I don’t need it&amp;quot;, &amp;quot;it’s difficult to do&amp;quot;, or &amp;quot;it’s slow&amp;quot;.&lt;/p&gt;&lt;p&gt;None of these are legitimate answers, but they’re common misconceptions so let’s take each in turn.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 
id=\&quot;myth-1-https-is-difficult-to-deploy\&quot;&gt;Myth #1: \&quot;HTTPS is difficult to deploy\&quot;&lt;/h3&gt;\n &lt;a href=\&quot;#myth-1-https-is-difficult-to-deploy\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;h4&gt;For Individual Sites&lt;/h4&gt;&lt;p&gt;This was true.. in the mid 1990s, when I placed my first SSL certificate order. All that has changed.&lt;/p&gt;&lt;p&gt;Back then, I was a high school student writing software for my friend’s mom’s company. We were getting ready to launch her website and I learned that we needed something called an &amp;quot;SSL certificate&amp;quot; to transact securely online, but I had no idea how to get one.&lt;/p&gt;&lt;p&gt;After a bit of research conducted over my blazingly fast &lt;a href=\&quot;https://en.wikipedia.org/wiki/USRobotics#/media/File:Fax_modem_antigo.jpg\&quot;&gt;US Robotics Sportster 14.4k&lt;/a&gt; modem (we had recently upgraded from the relatively slow MultiTech 9600), I found out that we had to mail the company’s &amp;quot;original&amp;quot; Articles of Incorporation, emblazoned with the State Seal of Massachusetts and signed by company officers, along with a hefty check to some far away office. 
I asked her what to put for my title, so she shrugged and said &amp;quot;CTO&amp;quot; as that sounded more official and likely to get us approved. A week or so later, the CA &lt;i&gt;finally&lt;/i&gt; emailed the certificate.&lt;/p&gt;&lt;p&gt;Thankfully, we’ve come a long way since then. Today, you can protect your site with HTTPS in a matter of seconds, for free, either by signing up for Cloudflare or using a CA such as Let’s Encrypt. If you use Cloudflare we’ll renew your certificate automatically, and store it within milliseconds of your users for optimal performance, using our &lt;a href=\&quot;https://www.cloudflare.com/network/\&quot;&gt;150+ data centers&lt;/a&gt; around the world. As an added benefit, once we’re handling your SSL/TLS traffic, you can start using technologies like &lt;a href=\&quot;/tag/workers/\&quot;&gt;Cloudflare Workers&lt;/a&gt; to implement any logic you want at the edge.&lt;/p&gt;&lt;h4&gt;For SaaS Providers&lt;/h4&gt;&lt;p&gt;While the &amp;quot;it’s difficult&amp;quot; excuse rings hollow for individual site operators, things do get a bit more challenging when you’re dealing with issuing (and regularly renewing) hundreds, thousands, or even millions of certificates. Such is the case for SaaS providers who write and deploy software on another company’s domain, e.g., &lt;a href=\&quot;https://blog.example.com\&quot;&gt;https://blog.example.com&lt;/a&gt; or &lt;a href=\&quot;https://mystore.example\&quot;&gt;https://mystore.example&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;The reason that it can seem difficult to manage SSL certificates on behalf of other companies (putting aside performance and scale for a second), is that Certificate Authorities are only supposed to give out SSL certificates for hostnames where the requestor has &amp;quot;demonstrated control&amp;quot;. 
Fortunately, methods such as HTTP-based validation, i.e., placing a random token on a well-defined path that the CA can access, have reduced the burden on the end-customer to a single step.&lt;/p&gt;&lt;p&gt;For those that want the benefits of having an edge provider like Cloudflare in front of their servers for acceleration and protection, our &lt;a href=\&quot;https://www.cloudflare.com/ssl-for-saas-providers/\&quot;&gt;SSL for SaaS&lt;/a&gt; product reduces this process to a single API call. Alternatively, those that wish to handle their own issuance, renewal, certificate hosting, and DDoS protection, the HTTP validation method or &lt;a href=\&quot;https://github.com/ietf-wg-acme/acme/\&quot;&gt;ACME protocol&lt;/a&gt; can be used.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;myth-2-i-dont-need-https\&quot;&gt;Myth #2: \&quot;I don’t need HTTPS\&quot;&lt;/h3&gt;\n &lt;a href=\&quot;#myth-2-i-dont-need-https\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;This argument is the most puzzling to me, especially &lt;a href=\&quot;http://this.how/googleAndHttp/\&quot;&gt;when spouted&lt;/a&gt; by people who should know better. 
Even if you don’t care about performance—see myth #3 below—surely you care about the safety and privacy of those visiting your site.&lt;/p&gt;&lt;p&gt;Without HTTPS, anyone in the path between your visitor’s browser and your site or API can snoop on (or modify) your content without your consent. This includes &lt;a href=\&quot;https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country\&quot;&gt;governments&lt;/a&gt;, employers, and even especially &lt;a href=\&quot;https://arstechnica.com/tech-policy/2013/04/how-a-banner-ad-for-hs-ok/\&quot;&gt;internet&lt;/a&gt; &lt;a href=\&quot;http://forums.xfinity.com/t5/Customer-Service/Are-you-aware/td-p/3009551\&quot;&gt;service&lt;/a&gt; &lt;a href=\&quot;https://thehackernews.com/2016/02/china-hacker-malware.html\&quot;&gt;providers&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;If you care about your users receiving your content unmodified and being safe from maliciously injected advertisements or malware, you care about—and must use—HTTPS.&lt;/p&gt;&lt;p&gt;Besides safety, there are additional benefits such as &lt;a href=\&quot;https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html\&quot;&gt;SEO&lt;/a&gt; and access to new web features: increasingly, the major browser vendors such as Apple, Google, Mozilla, and Microsoft, are &lt;a href=\&quot;https://bugzilla.mozilla.org/show_bug.cgi?id=1072859\&quot;&gt;restricting functionality&lt;/a&gt; to only work over HTTPS. As for mobile apps, Google will soon block &lt;a href=\&quot;https://android-developers.googleblog.com/2018/03/previewing-android-p.html\&quot;&gt;unencrypted connections&lt;/a&gt; by default, in their upcoming version of Android. 
Apple also &lt;a href=\&quot;https://developer.apple.com/videos/play/wwdc2016/706\&quot;&gt;announced&lt;/a&gt; (and will soon hopefully follow through on their requirement) that apps must use HTTPS.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;myth-3-https-is-slow\&quot;&gt;Myth #3: \&quot;HTTPS is slow\&quot;&lt;/h3&gt;\n &lt;a href=\&quot;#myth-3-https-is-slow\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Lastly, the other common myth about HTTPS is that it’s “slow”. This belief is a holdover from an era when SSL/TLS could actually have a negative performance impact on a site, but that&amp;#39;s &lt;a href=\&quot;https://istlsfastyet.com/#cdn-paas\&quot;&gt;no longer the case&lt;/a&gt; today. 
In fact, HTTPS is required to enable and enjoy the performance benefits of HTTP/2.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n &lt;a href=/content/images/2018/06/is-tls-fast-yet.png&gt;\n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4aiEaxmU31tRO3Uqb0F65H/27d5b717d21fc2a76e87981dc8d89b11/is-tls-fast-yet.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1526\&quot; height=\&quot;786\&quot; loading=\&quot;lazy\&quot;/&gt;\n &lt;/a&gt;\n &lt;/figure&gt;&lt;p&gt;Detractors typically think HTTPS is slow for two primary reasons: i) it takes marginally more CPU power to encrypt and decrypt data; and ii) establishing a TLS session takes two network round trips between the browser and the server.&lt;/p&gt;&lt;p&gt;Even with decade old hardware, SSL/TLS adds less than 1% of CPU load, as Adam Langley &lt;a href=\&quot;https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html\&quot;&gt;explained&lt;/a&gt; while debunking the HTTPS performance/cost myth. Today’s processors also come with instruction sets such as AES-NI, that help performance. Further, session resumption technologies reduce the TLS 1.2 overhead and TLS 1.3 aims to &lt;a href=\&quot;/introducing-0-rtt/\&quot;&gt;eliminate these round-trips&lt;/a&gt; entirely.&lt;/p&gt;&lt;p&gt;When HTTPS content is served from the edge, typically 10–20 milliseconds away from your users in the case of Cloudflare, SSL/TLS enabled sites are incredibly fast and performant. And even when they are not served from an edge provider it bears repeating that SSL/TLS is not a performance burden! There’s really no excuse not to use it.&lt;/p&gt;&lt;h4&gt;Will my site show “Not Secure” on July 23 24*?&lt;/h4&gt;&lt;p&gt;To help you determine if your site is ready for July 23 24*, we’ve built the handy widget shown at the top of the page. 
Simply type in your domain name (without explicitly specifying &amp;quot;http://&amp;quot; or &amp;quot;https://&amp;quot; to emulate what your visitors typically do) and hit enter.&lt;/p&gt;&lt;p&gt;Using a Cloudflare Worker, we’ll connect to your site and check to see if it’s redirected to a secure HTTPS link.&lt;/p&gt;&lt;h4&gt;How can I avoid my site showing &amp;quot;Not Secure&amp;quot;?&lt;/h4&gt;&lt;p&gt;If you&amp;#39;d like to avoid your website showing &amp;quot;Not Secure&amp;quot; in Chrome, all you need to do is obtain an SSL certificate and configure your site to redirect all traffic to HTTPS.&lt;/p&gt;&lt;p&gt;If you&amp;#39;re using Cloudflare, we’ll take care of the SSL certificate order and renewal for you; take a look at Troy Hunt&amp;#39;s excellent video &amp;quot;HTTPS Is Easy!&amp;quot; series here: &lt;a href=\&quot;https://httpsiseasy.com/\&quot;&gt;https://httpsiseasy.com/&lt;/a&gt;. You should be sure to use the &amp;quot;Always use HTTPS&amp;quot; toggle to redirect HTTP visitors to HTTPS:&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3DWy4aBDklTs1ptQPKr3G8/14e7ef9849af6fb0a5aae8b601a89dae/always-use-https.png\&quot; alt=\&quot;always-use-https\&quot; class=\&quot;kg-image\&quot; width=\&quot;1758\&quot; height=\&quot;442\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;Advanced users should also consider &lt;a href=\&quot;https://support.cloudflare.com/hc/en-us/articles/204183088-Does-Cloudflare-offer-HSTS-HTTP-Strict-Transport-Security-\&quot;&gt;using HSTS&lt;/a&gt; to instruct the browser to always load your content over HTTPS, saving it a round trip (and page load time) on subsequent requests. 
And by turning on &lt;a href=\&quot;/fixing-the-mixed-content-problem-with-automatic-https-rewrites/\&quot;&gt;Automatic HTTPS Rewrites&lt;/a&gt;, you can also rewrite any content that would normally be loaded over HTTP to use HTTPS (if available):&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/29wEVaj8lNfDcfAqpSq8Ms/02351641a576ec39139199c89402e345/automatic-https-rewrites.png\&quot; alt=\&quot;automatic-https-rewrites\&quot; class=\&quot;kg-image\&quot; width=\&quot;1894\&quot; height=\&quot;446\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;If you&amp;#39;re trying to protect your customers&amp;#39; vanity domains that are pointed to your SaaS application, &lt;a href=\&quot;https://www.cloudflare.com/ssl-for-saas-providers/\&quot;&gt;reach out&lt;/a&gt;, and we can help you with this process.&lt;/p&gt;&lt;h4&gt;Want to help us secure the web with HTTPS?&lt;/h4&gt;&lt;p&gt;The team that manages HTTPS and SSL certificate issuance at Cloudflare is hiring, in both Engineering and Product Management. 
Check out our open positions here:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;a href=\&quot;https://boards.greenhouse.io/cloudflare/jobs/982340?gh_jid=982340\&quot;&gt;Product Manager, SSL/TLS and Crypto&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;a href=\&quot;https://boards.greenhouse.io/cloudflare/jobs/589508?gh_jid=589508\&quot;&gt;Web Services Engineer&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;a href=\&quot;https://boards.greenhouse.io/cloudflare/jobs/589507?gh_jid=589507\&quot;&gt;Security Software Engineer&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;a href=\&quot;https://boards.greenhouse.io/cloudflare/jobs/936927?gh_jid=936927\&quot;&gt;Full Stack Engineer&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;hr/&gt;&lt;p&gt;&lt;i&gt;If you have a worker you&amp;#39;d like to share, or want to check out workers from other Cloudflare users, visit the &lt;/i&gt;&lt;a href=\&quot;https://community.cloudflare.com/tags/recipe-exchange\&quot;&gt;&lt;i&gt;“Recipe Exchange”&lt;/i&gt;&lt;/a&gt;&lt;i&gt; in the Workers section of the &lt;/i&gt;&lt;a href=\&quot;https://community.cloudflare.com/c/developers/workers\&quot;&gt;&lt;i&gt;Cloudflare Community Forum&lt;/i&gt;&lt;/a&gt;&lt;i&gt;.&lt;/i&gt;&lt;/p&gt;&lt;p&gt;* After this post was published Google pushed the release back one day, to the 
24th.&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2018-06-28T14:00:00.000+01:00&quot;],&quot;updated_at&quot;:[0,&quot;2025-02-28T09:27:57.512Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/KiLkByt9ddVFFYUalQgsf/a8b9684d37bd83b458825cbbdca080e0/chrome-not-secure-for-http.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;5US4l4wdDysuDpZ4ktL3yP&quot;],&quot;name&quot;:[0,&quot;HTTPS&quot;],&quot;slug&quot;:[0,&quot;https&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;5cye1Bh5KxFh3pKSnX8Dsy&quot;],&quot;name&quot;:[0,&quot;Serverless&quot;],&quot;slug&quot;:[0,&quot;serverless&quot;]}],[0,{&quot;id&quot;:[0,&quot;6hbkItfupogJP3aRDAq6v8&quot;],&quot;name&quot;:[0,&quot;Cloudflare Workers&quot;],&quot;slug&quot;:[0,&quot;workers&quot;]}],[0,{&quot;id&quot;:[0,&quot;4HIPcb68qM0e26fIxyfzwQ&quot;],&quot;name&quot;:[0,&quot;Developers&quot;],&quot;slug&quot;:[0,&quot;developers&quot;]}],[0,{&quot;id&quot;:[0,&quot;3JAY3z7p7An94s6ScuSQPf&quot;],&quot;name&quot;:[0,&quot;Developer Platform&quot;],&quot;slug&quot;:[0,&quot;developer-platform&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Patrick R. 
Donahue&quot;],&quot;slug&quot;:[0,&quot;patrick&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1LQFonIW7hvlt7UKRMOzlk/268d04eef37cd375ab2063158e74dea2/patrick.png&quot;],&quot;location&quot;:[0,&quot;San Francisco, CA&quot;],&quot;website&quot;:[0,&quot;https://www.cloudflare.com&quot;],&quot;twitter&quot;:[0,&quot;@prdonahue&quot;],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,&quot;Less than one month from today, on July 23, Google will start prominently labeling any site loaded in Chrome without HTTPS as \&quot;Not Secure\&quot;.&quot;],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;T-25 days until Chrome starts flagging HTTP sites as \&quot;Not Secure\&quot; Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page 
for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/chrome-not-secure-for-http&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],[0,{&quot;id&quot;:[0,&quot;4iFdDq3WAVTVzSMyt4x6QO&quot;],&quot;title&quot;:[0,&quot;HTTPS or bust: Chrome’s plan to label sites as \&quot;Not Secure\&quot;&quot;],&quot;slug&quot;:[0,&quot;https-or-bust-chromes-plan-to-label-sites-as-not-secure&quot;],&quot;excerpt&quot;:[0,&quot;Google just announced that beginning in July 2018, with the release of Chrome 68, web pages loaded without HTTPS will be marked as “not secure”. More than half of web visitors will soon see this warning when visiting unencrypted HTTP sites.&quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;&lt;p&gt;Google &lt;a href=\&quot;https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html\&quot;&gt;just announced&lt;/a&gt; that beginning in July 2018, with the release of Chrome 68, web pages loaded without HTTPS will be marked as “not secure”.&lt;/p&gt;&lt;p&gt;More than half of web visitors will soon see this warning when browsing unencrypted HTTP sites, according to data from Cloudflare’s edge that shows 56.62% of desktop requests originate from Chrome. 
Users presented with this warning will be less likely to interact with these sites or trust their content, so it’s imperative that site operators not yet using HTTPS have a plan to do so by July.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5V9DjMCaycXsrWiaHH6Ayx/d6a6ea538e1e0d4898e950fb097af486/chrome68.png\&quot; alt=\&quot;chrome68\&quot; class=\&quot;kg-image\&quot; width=\&quot;640\&quot; height=\&quot;231\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;how-did-we-get-here-and-why\&quot;&gt;How did we get here (and why)?&lt;/h3&gt;\n &lt;a href=\&quot;#how-did-we-get-here-and-why\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;To those who have followed the Chrome team’s public statements, this announcement comes as no surprise. 
Google has been gearing up for this change since 2014, as Chrome boss Parisa Tabriz &lt;a href=\&quot;https://twitter.com/laparisa/status/961925743121977346\&quot;&gt;tweeted&lt;/a&gt; and Chris Palmer &lt;a href=\&quot;https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/DHQLv76QaEM%5B1-25%5D\&quot;&gt;memorialized&lt;/a&gt; in a widely distributed email. While this step is an important and potentially jarring one for users, it’s by no means the last step that Google will take to influence website administrator behavior for the better.&lt;/p&gt;&lt;p&gt;But why are they making this change (now)? Google’s primary motivation for driving HTTPS adoption is simple: a safe browsing experience is good for business. Users that feel safe on the web spend more time viewing and interacting with ads and other services that Google gets paid to deliver. (To be clear: these motivations do not in any way diminish the outstanding work of the Chrome team, whose members are passionate about protecting users for a myriad of non-business reasons. We applaud their efforts in making the web a safer place and are excited to see other browsers follow their lead.)&lt;/p&gt;&lt;p&gt;Google must feel the time is right to make the change thanks to HTTPS page loads continuing to climb steadily and minimal fallout from their &lt;a href=\&quot;#importantmilestonestowardshttpsubiquityalongsidepercentofpageloadsusinghttps\&quot;&gt;previous, incremental steps&lt;/a&gt;. Emily Schechter, the Chrome Security Product Manager who announced the change, &lt;a href=\&quot;https://twitter.com/emschec/status/961719363223957504\&quot;&gt;writes&lt;/a&gt;: “we believe https usage will be high enough by july [2018] that this will be OK”. 
Currently, the ratio of user interaction with secure origins to non-secure sits at 69.7%; five months ago it was just 62.5% and thus it’s easy to imagine Chris Palmer’s &lt;a href=\&quot;https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/DHQLv76QaEM%5B1-25%5D\&quot;&gt;suggested threshold of 75%&lt;/a&gt; will have been met by July.&lt;/p&gt;&lt;p&gt;Such a change would have been far too disruptive just one year ago, but thanks to the efforts of Google and other participants in the webPKI ecosystem (including Cloudflare), a path has been paved towards 100% adoption. Today, HTTPS is &lt;a href=\&quot;https://istlsfastyet.com/#cdn-paas\&quot;&gt;fast&lt;/a&gt;, simple to deploy, and cost-effective if not free—and there’s no longer an excuse for not using SSL/TLS. Even static sites need encryption to prevent malicious third-parties from &lt;a href=\&quot;https://www.wired.com/2014/10/verizons-perma-cookie/\&quot;&gt;tracking your users&lt;/a&gt; or &lt;a href=\&quot;https://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/\&quot;&gt;injecting ads&lt;/a&gt; into your site.&lt;/p&gt;&lt;h4&gt;Important milestones towards HTTPS ubiquity, alongside percent of page loads using HTTPS&lt;/h4&gt;&lt;table class=\&quot;table-with-last-column-right-aligned\&quot;&gt;\n &lt;tbody&gt;\n &lt;tr&gt;\n &lt;th width=\&quot;15%\&quot;&gt;Date\n &lt;/th&gt;&lt;th width=\&quot;70%\&quot;&gt;Action\n &lt;/th&gt;&lt;th width=\&quot;15%\&quot;&gt;% HTTPS&lt;sup&gt;1&lt;/sup&gt;\n &lt;/th&gt;&lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2H 2013&lt;/td&gt;\n &lt;td&gt;NSA: Edward Snowden releases thousands of pages of classified documents, confirming that the NSA has been passively collecting plaintext communication. 
At the time, very few sites used HTTPS by default, including the traffic between Google&#39;s data centers, making it far easier for these communications to be monitored.&lt;/td&gt;\n &lt;td&gt;~25%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2014/08/06&lt;/td&gt;\n &lt;td&gt;Google publishes a &lt;a href=\&quot;https://security.googleblog.com/2014/08/https-as-ranking-signal_6.html\&quot;&gt;blog post&lt;/a&gt; disclosing that they&#39;re starting to use the availability of a site over HTTPS as a positive ranking signal for SEO purposes.&lt;/td&gt;\n &lt;td&gt;31.7%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2014/09/24&lt;/td&gt;\n &lt;td&gt;Cloudflare &lt;a href=\&quot;https://blog.cloudflare.com/introducing-universal-ssl\&quot;&gt;announces&lt;/a&gt; Universal SSL, which provides [free SSL certificates](https://www.cloudflare.com/application-services/products/ssl/) and SSL/TLS termination to the then-two million sites on our network.&lt;/td&gt;\n &lt;td&gt;31.8%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2014/12/12&lt;/td&gt;\n &lt;td&gt;Google&#39;s Chris Palmer &lt;a href=\&quot;https://groups.google.com/a/chromium.org/forum/%23!topic/blink-dev/DHQLv76QaEM%255B1-25%255D\&quot;&gt;emails&lt;/a&gt; blink-dev with \&quot;Proposal: Marking HTTP As Non-Secure\&quot;. This original proposal has been memorialized &lt;a href=\&quot;https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure\&quot;&gt;here&lt;/a&gt;.&lt;/td&gt;\n &lt;td&gt;32.3%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2015/02/26&lt;/td&gt;\n &lt;td&gt;Google&#39;s Joel Weinberger &lt;a href=\&quot;https://groups.google.com/a/chromium.org/forum/%23!msg/blink-dev/2LXKVWYkOus/gT-ZamfwAKsJ\&quot;&gt;emails&lt;/a&gt; the blink-dev mailing list with an \&quot;Intent to deprecate\&quot; for certain features unless used with secure origins (i.e., HTTPS). 
Initially this list includes: device motion/orientation, EME, fullscreen, geolocation, and getUserMedia.&lt;/td&gt;\n &lt;td&gt;33.7%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2015/04/30&lt;/td&gt;\n &lt;td&gt;Mozilla&#39;s Richard Barnes &lt;a href=\&quot;https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http\&quot;&gt;publishes&lt;/a&gt; \&quot;Deprecating Non-Secure HTTP\&quot;, announcing Mozilla&#39;s intent to eventually \&quot;phase out non-secure HTTP\&quot; from Firefox.&lt;/td&gt;\n &lt;td&gt;35.4%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2015/10/19&lt;/td&gt;\n &lt;td&gt;ISRG&#39;s Josh Aas &lt;a href=\&quot;https://letsencrypt.org/2015/10/19/lets-encrypt-is-trusted.html\&quot;&gt;announces&lt;/a&gt; that Let&#39;s Encrypt, a new free CA, is now trusted by all major browsers, thanks to a cross-sign from IdenTrust.&lt;/td&gt;\n &lt;td&gt;37.9%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2015/12/03&lt;/td&gt;\n &lt;td&gt;Let&#39;s Encrypt &lt;a href=\&quot;https://letsencrypt.org/2015/12/03/entering-public-beta.html\&quot;&gt;officially launches&lt;/a&gt; into public beta.&lt;/td&gt;\n &lt;td&gt;39.5%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2016/06/14&lt;/td&gt;\n &lt;td&gt;Apple &lt;a href=\&quot;https://developer.apple.com/videos/play/wwdc2016/706\&quot;&gt;announces&lt;/a&gt; at WWDC16 that, by the end of 2016, the App Store will require that applications be built with App Transport Security (ATS) in order to be accepted. ATS prohibits the use of plaintext HTTP and thus helps drive the adoption of HTTPS.&lt;/td&gt;\n &lt;td&gt;45.0%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2016/06/22&lt;/td&gt;\n &lt;td&gt;Google&#39;s Adriana Porter Felt et al. present &lt;a href=\&quot;https://www.usenix.org/system/files/conference/soups2016/soups2016-paper-porter-felt.pdf\&quot;&gt;Rethinking Connection Security Indicators&lt;/a&gt; at USENIX&#39;s Twelfth Symposium On Usable Privacy and Security. 
In this paper Adriana and team \&quot;select and propose three indicators\&quot;, which have already been adopted by Chrome (including the \&quot;Not secure\&quot; label).&lt;/td&gt;\n &lt;td&gt;45.1%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2016/09/08&lt;/td&gt;\n &lt;td&gt;Google&#39;s Emily Schechter publishes &lt;a href=\&quot;https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html\&quot;&gt;Moving towards a more secure web&lt;/a&gt;, in which she writes that \&quot;Beginning in January 2017 (Chrome 56), we&#39;ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.\&quot;\n&lt;img src=\&quot;https://blog.cloudflare.com/content/images/2018/02/chrome56.png\&quot;&gt;\n&lt;p&gt;She also reiterates Google&#39;s plan to eventually \&quot;label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.\&quot;&lt;/p&gt;\n&lt;img src=\&quot;https://blog.cloudflare.com/content/images/2018/02/chrome-eventual.png\&quot;&gt;\n&lt;/td&gt;\n&lt;td&gt;44.8%&lt;/td&gt;\n&lt;/tr&gt;\n&lt;tr&gt;\n&lt;td&gt;2017/01/20&lt;/td&gt;\n&lt;td&gt;Mozilla: A &lt;a href=\&quot;https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http\&quot;&gt;post&lt;/a&gt; on the Mozilla Security Blog titled Communicating the Dangers of Non-Secure HTTP informs users that in upcoming releases, Firefox will show an in-context message when a user clicks into a username or password field on a page that doesn&#39;t use HTTPS\&quot;. 
Firefox&#39;s in-context warnings are even more prominent than those implemented by Chrome.\n&lt;img src=\&quot;https://blog.cloudflare.com/content/images/2018/02/firefox-inline.png\&quot;&gt;\n&lt;/td&gt;\n&lt;td&gt;50.78%&lt;/td&gt;\n&lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2017/01/31&lt;/td&gt;\n &lt;td&gt;Google: As announced in September of 2016, Chrome 56 begins marking pages as \&quot;Not secure\&quot; if they i) contain a password field or ii) a user interacts with a credit card field.&lt;/td&gt;\n &lt;td&gt;51.9%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2017/03/30&lt;/td&gt;\n &lt;td&gt;Cloudflare: To assist SaaS providers in driving HTTPS adoption for their customers&#39; custom/vanity domains, Cloudflare announces our &lt;a href=\&quot;https://www.cloudflare.com/ssl-for-saas-providers/\&quot;&gt;SSL for SaaS Provider&lt;/a&gt; offering. Historically, it has been difficult and time-consuming for SaaS providers to obtain (and renew) SSL certificates on behalf of their end-users, and thus very few offered free SSL for all customers.&lt;/td&gt;\n &lt;td&gt;55.1%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2017/04/27&lt;/td&gt;\n &lt;td&gt;Google&#39;s Emily Schechter &lt;a href=\&quot;https://blog.chromium.org/2017/04/next-steps-toward-more-connection.html\&quot;&gt;announces&lt;/a&gt; that \&quot;Beginning in October 2017, Chrome will show the \&quot;Not secure\&quot; warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.\&quot;\n&lt;img src=\&quot;https://blog.cloudflare.com/content/images/2018/02/chrome62.png\&quot;&gt;\n&lt;/td&gt;\n &lt;td&gt;56.3%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2018/01/15&lt;/td&gt;\n &lt;td&gt;Mozilla&#39;s Anne van Kesteren &lt;a href=\&quot;https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere\&quot;&gt;publishes&lt;/a&gt; a blog post \&quot;Secure Contexts Everywhere\&quot; in which he explains that 
\&quot;effective immediately, all new features that are web-exposed are to be restricted to secure contexts\&quot;.&lt;/td&gt;\n &lt;td&gt;69.9%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;2018/02/08&lt;/td&gt;\n &lt;td&gt;Google&#39;s Emily Schechter &lt;a href=\&quot;https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html\&quot;&gt;writes&lt;/a&gt; that \&quot;Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as \&quot;not secure\&quot;.\n&lt;img src=\&quot;https://blog.cloudflare.com/content/images/2018/02/chrome68-1.png\&quot;&gt;\n&lt;/td&gt;\n &lt;td&gt;69.7%&lt;/td&gt;\n &lt;/tr&gt;\n &lt;/tbody&gt;\n&lt;/table&gt;&lt;p&gt;&lt;sup&gt;1&lt;/sup&gt; % of pages loaded over HTTPS by Firefox, 14-day moving average. Source: Firefox Telemetry &lt;a href=\&quot;https://docs.telemetry.mozilla.org/datasets/other/ssl/reference.html\&quot;&gt;data&lt;/a&gt; and &lt;a href=\&quot;https://letsencrypt.org/stats/\&quot;&gt;Let&amp;#39;s Encrypt&lt;/a&gt;. Google also publishes figures on Chrome: &lt;a href=\&quot;https://transparencyreport.google.com/https/overview\&quot;&gt;https://transparencyreport.google.com/https/overview&lt;/a&gt;.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;whats-coming-next-what-should-i-expect-after-july-2018\&quot;&gt;What’s coming next? 
What should I expect after July 2018?&lt;/h3&gt;\n &lt;a href=\&quot;#whats-coming-next-what-should-i-expect-after-july-2018\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The &amp;quot;lock&amp;quot; in the address bar was always about motivating sites to migrate to HTTPS, but along the way &lt;a href=\&quot;http://www.usablesecurity.org//emperor/emperor.pdf\&quot;&gt;studies&lt;/a&gt; &lt;a href=\&quot;https://www.usenix.org/system/files/conference/soups2016/soups2016-paper-porter-felt.pdf\&quot;&gt;showed&lt;/a&gt; that positive trust indicators don’t work. Google’s introduction of &amp;quot;Not secure&amp;quot; is one important step towards the ultimate goal of deprecating HTTP, but as mentioned earlier, will not be their last.&lt;/p&gt;&lt;p&gt;We expect Google’s assault on HTTP to continue throughout the year, culminating with an announcement that the lock will be removed entirely (and replaced by a negative indicator shown only when a site does not utilize HTTPS). Below is some additional detail on this expected next step, along with some additional predictions for the webPKI ecosystem.&lt;/p&gt;&lt;h4&gt;1. 
Google will announce the lock icon’s demise in 2018 and remove it in January 2019 with the release of Chrome 72&lt;/h4&gt;&lt;p&gt;Chris Palmer’s &lt;a href=\&quot;https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/DHQLv76QaEM%5B1-25%5D\&quot;&gt;email to blink-dev&lt;/a&gt; in 2014 included this &amp;quot;strawman proposal&amp;quot; for introducing negative indicators and phasing out the marking of secure origins entirely:&lt;/p&gt;&lt;blockquote&gt;&lt;p&gt;Secure &amp;gt; 65%: Non-secure origins marked as Dubious&lt;br&gt;Secure &amp;gt; 75%: Non-secure origins marked as Non-secure&lt;br&gt;Secure &amp;gt; 85%: Secure origins unmarked&lt;/p&gt;&lt;/blockquote&gt;&lt;p&gt;True to plan, Chrome 68 will go stable right around the time HTTPS page loads reach 75%. (Our initial forecast for this date, based on connections to our edge and telemetry data from Firefox, was 74.8%; however, we expect last week’s Chrome announcement to accelerate this ratio to &amp;gt;75% before July 24.)&lt;/p&gt;&lt;p&gt;Looking forward, the &lt;a href=\&quot;https://www.chromium.org/developers/calendar\&quot;&gt;estimated stable dates&lt;/a&gt; for future Chrome releases are as follows:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Chrome 69 – September 4, 2018&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Chrome 70 – October 16, 2018&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Chrome 71 – December 4, 2018&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;At approximately 6-7 weeks between stable releases, Chrome 72 should hit sometime in late January 2019. By this time, we expect HTTPS page loads to be &amp;gt;85%, a high enough ratio where Google can be confident the change won’t be too disruptive. Given the significance of this UI change we expect they’ll announce it sometime in mid 2018.&lt;/p&gt;&lt;h4&gt;2. 
Firefox will soon announce their own schedule for marking insecure origins&lt;/h4&gt;&lt;p&gt;Google is not the only major browser taking steps to drive the web to HTTPS only.&lt;/p&gt;&lt;p&gt;Back in April 2015, the Mozilla team &lt;a href=\&quot;https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/\&quot;&gt;announced&lt;/a&gt; their intent to (eventually) deprecate HTTP. Since then, Firefox has adopted &lt;a href=\&quot;https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/\&quot;&gt;similar UI indications&lt;/a&gt; to Chrome for pages with passwords, &lt;a href=\&quot;https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere/\&quot;&gt;announced&lt;/a&gt; that “all new features that are web-exposed are to be restricted to secure contexts”, and merged (default disabled) &lt;a href=\&quot;https://bugzilla.mozilla.org/show_bug.cgi?id=1310447\&quot;&gt;code&lt;/a&gt; to mark sites loaded over HTTP as “not secure”.&lt;/p&gt;&lt;p&gt;Beginning in Firefox 59, this “not secure” labeling can be manually enabled (instructions shown below), but no date has officially been set by Mozilla for when this will be turned on by default. We expect them to announce a date shortly.&lt;/p&gt;&lt;h4&gt;3. Microsoft and Apple will continue to lag Google and Mozilla, but will start to enact similar changes&lt;/h4&gt;&lt;p&gt;Historically, Microsoft and Apple have moved slower in adopting new browser security policies due in part to the fact they release (and update) their browsers far less frequently than Google and Mozilla.&lt;/p&gt;&lt;p&gt;However, Apple has in the past shown leadership in driving HTTPS adoption, as can be seen by their &lt;a href=\&quot;https://developer.apple.com/videos/play/wwdc2016/706\&quot;&gt;WWDC2016 announcement&lt;/a&gt; requiring iOS applications to use ATS and TLS 1.2. 
Our hope is that Microsoft and Apple follow Google and Mozilla’s lead as Edge, IE, and Safari collectively represent almost 20% of the desktop requests hitting Cloudflare’s edge.&lt;/p&gt;&lt;h4&gt;4. Browsers will start attempting connections over HTTPS before trying HTTP&lt;/h4&gt;&lt;p&gt;Analogous to how Apple &lt;a href=\&quot;https://www.ietf.org/mail-archive/web/v6ops/current/msg22455.html\&quot;&gt;prioritizes IPv6 over IPv4&lt;/a&gt;, major browsers will start to try addresses entered without a scheme over HTTPS before falling back to HTTP. The Google Chrome team has &lt;a href=\&quot;https://twitter.com/emschec/status/961748992051720192\&quot;&gt;already indicated&lt;/a&gt; they plan to do this, and we expect (hope!) they’ll announce a timeline for this change sometime in 2018.&lt;/p&gt;&lt;h4&gt;5. More CAs (including nascent ones) will follow Let’s Encrypt’s lead in issuing free certs using the ACME protocol&lt;/h4&gt;&lt;p&gt;One of the primary complaints from site operators as they react to Chrome and Firefox’s user-facing changes (with the potential to affect their traffic) is that “SSL certificates are expensive”. Even though Cloudflare began issuing free certificates for our reverse proxy users in late 2014 and Let’s Encrypt followed not too long after, there still aren’t many other easy, free options available.&lt;/p&gt;&lt;p&gt;We expect that additional CAs will begin to embrace the &lt;a href=\&quot;https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md\&quot;&gt;ACME protocol&lt;/a&gt; for validation and issuance, helping to harden the protocol and increase its adoption. We further expect that new, free-of-charge CAs will enter the market and at least one will be operated by a large, well-funded incumbent such as Google.&lt;/p&gt;&lt;h4&gt;6. 
The CA/B Forum will vote in 2018 to further reduce certificate lifetimes from 27 months to 18 months or less, encouraging more automation&lt;/h4&gt;&lt;p&gt;The CA/Browser Forum is a group of CAs and browsers that collaborate on (among other things) a document known as the &amp;quot;&lt;a href=\&quot;https://cabforum.org/baseline-requirements-documents/\&quot;&gt;Baseline Requirements&lt;/a&gt;&amp;quot; or the &amp;quot;BRs&amp;quot;. These BRs dictate the minimum requirements that CAs are to adhere to, and a &lt;a href=\&quot;https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/\&quot;&gt;recent change&lt;/a&gt; to them goes into effect March 1, 2018; as of that date, the maximum validity period for a certificate drops from 39 months to ~27 months (825 days).&lt;/p&gt;&lt;p&gt;The &lt;a href=\&quot;https://cabforum.org/pipermail/public/2017-January/009373.html\&quot;&gt;initial proposal&lt;/a&gt;, by Ryan Sleevi of Google, was to reduce the lifetime to 12 months, but this was met with strong opposition by the CAs (outside of Let&amp;#39;s Encrypt, which already caps lifetimes at 3 months, and DigiCert, who supported 13 months). A compromise was reached and goes into effect shortly, but we expect this topic to come to a vote again for either 18 or 13 months. 
CAs will again likely oppose this cap (with a few exceptions for the more automated ones), but browsers and root trust store operators may force the change anyway as it strengthens user security.&lt;/p&gt;&lt;p&gt;As site operators manually replace their expiring 3 year certificates, our hope and expectation is that they see the &lt;a href=\&quot;https://www.cloudflare.com/application-services/solutions/certificate-lifecycle-management/\&quot;&gt;benefits and ease of automating the certificate lifecycle&lt;/a&gt;, encouraging them to deploy HTTPS more broadly across their organizations.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;ok-i-understand-whats-going-to-happen-but-how-can-i-tell-now-if-my-site-is-going-to-show-a-warning-in-july\&quot;&gt;OK, I understand what’s going to happen, but how can I tell now if my site is going to show a warning in July?&lt;/h3&gt;\n &lt;a href=\&quot;#ok-i-understand-whats-going-to-happen-but-how-can-i-tell-now-if-my-site-is-going-to-show-a-warning-in-july\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The simplest way to tell if your site will soon show a &amp;quot;Not secure&amp;quot; label is by viewing it in a current version of Chrome or Firefox. 
If you do not see a lock, your site will soon have a more ominous warning. To get a preview of this warning, you can try browsing your site with a development version of either of these browsers by following the instructions below.&lt;/p&gt;&lt;h4&gt;Chrome&lt;/h4&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Use Chrome 65 or later.&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;The easiest way to do this is to install Chrome Canary, which runs bleeding edge builds. Alternatively, you can install the &lt;a href=\&quot;https://www.chromium.org/getting-involved/dev-channel\&quot;&gt;dev channel&lt;/a&gt; alongside stable, but this can be confusing to launch as the applications look identical.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Browse to chrome://flags/#enable-mark-http-as.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Change the setting from Default to Enabled and click the RELAUNCH NOW button.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Browse to a site that does not use HTTPS, such as neverssl.com.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3cOV0Q8QiU8jqO67Xup8Xx/f512efbc4cf0bdfe05421bd0cc8715a5/chrome-notsecure.png\&quot; alt=\&quot;chrome-notsecure\&quot; class=\&quot;kg-image\&quot; width=\&quot;686\&quot; height=\&quot;119\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;h4&gt;Firefox&lt;/h4&gt;&lt;p&gt;&lt;i&gt;Firefox has not announced a date yet when this change will go into effect, but you can preview what it will look like when they do.&lt;/i&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Use Firefox 59 or later.&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;You will need to download &lt;a href=\&quot;https://www.mozilla.org/en-US/firefox/channel/desktop/\&quot;&gt;Firefox Nightly&lt;/a&gt; to use this version.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Enter &amp;quot;about:config&amp;quot; in the address 
bar.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Click &amp;quot;I accept the risk!&amp;quot; to view the advanced config.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Search for “security.insecure_connection” and flip all false values to true.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Browse to a site that does not use HTTPS, such as neverssl.com.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3bPwidy9MV9bCyAVA9B2sx/aa889fece5a08cad5964376e34f14cc6/firefox-notsecure.png\&quot; alt=\&quot;firefox-notsecure\&quot; class=\&quot;kg-image\&quot; width=\&quot;624\&quot; height=\&quot;128\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;what-can-i-do-to-avoid-this-warning\&quot;&gt;What can I do to avoid this warning?&lt;/h3&gt;\n &lt;a href=\&quot;#what-can-i-do-to-avoid-this-warning\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Quite simply, all you need to do to avoid this warning is protect your site with HTTPS using a valid SSL certificate. 
Cloudflare makes it &lt;a href=\&quot;https://www.cloudflare.com/ssl\&quot;&gt;incredibly simple&lt;/a&gt; to do this.&lt;/p&gt;&lt;p&gt;If you sign up with us and point your nameservers to Cloudflare, we take care of the rest for free: validating your domain with one of our Certificate Authority partners, issuing a certificate that covers the apex of your domain and its first-level subdomains (e.g., example.com and *.example.com — a wildcard covers only one label, so a.b.example.com is not included), deploying that certificate to our 120+ data centers around the world for optimal performance, and renewing the certificate automatically when needed. Note that this certificate secures the connection between visitors and Cloudflare’s edge; the connection from Cloudflare to your origin server is only encrypted if the origin also serves HTTPS and Cloudflare is configured to connect to it over HTTPS.&lt;/p&gt;&lt;p&gt;If you’re not able to sign up with us directly, for example you’re using a subdomain of a SaaS provider that has not yet deployed HTTPS for all users, you may want to suggest they look at our &lt;a href=\&quot;https://www.cloudflare.com/ssl-for-saas-providers/\&quot;&gt;SSL for SaaS Providers&lt;/a&gt; offering.&lt;/p&gt;&lt;p&gt;Lastly, if you want to help others avoid these warnings, we&amp;#39;re hiring Software Engineers and Product Managers on the Security Engineering team at Cloudflare. 
Check out our open positions &lt;a href=\&quot;https://www.cloudflare.com/careers/departments/\&quot;&gt;here&lt;/a&gt; and come help us drive HTTPS adoption to 100%!&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2018-02-14T20:00:00.000+00:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-11-05T18:20:13.650Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5QyDVDc9XXIORrcVqmVA9X/740d56923d90aa5392314133d82c1b25/https-or-bust-chromes-plan-to-label-sites-as-not-secure.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;5US4l4wdDysuDpZ4ktL3yP&quot;],&quot;name&quot;:[0,&quot;HTTPS&quot;],&quot;slug&quot;:[0,&quot;https&quot;]}],[0,{&quot;id&quot;:[0,&quot;1HblPaFreDjetoJDJPjTAi&quot;],&quot;name&quot;:[0,&quot;SSL&quot;],&quot;slug&quot;:[0,&quot;ssl&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;6Mp7ouACN2rT3YjL1xaXJx&quot;],&quot;name&quot;:[0,&quot;Security&quot;],&quot;slug&quot;:[0,&quot;security&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Patrick R. Donahue&quot;],&quot;slug&quot;:[0,&quot;patrick&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1LQFonIW7hvlt7UKRMOzlk/268d04eef37cd375ab2063158e74dea2/patrick.png&quot;],&quot;location&quot;:[0,&quot;San Francisco, CA&quot;],&quot;website&quot;:[0,&quot;https://www.cloudflare.com&quot;],&quot;twitter&quot;:[0,&quot;@prdonahue&quot;],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,&quot;Google just announced that beginning in July 2018, with the release of Chrome 68, web pages loaded without HTTPS will be marked as “not secure”. 
More than half of web visitors will soon see this warning when visiting unencrypted HTTP sites.&quot;],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;HTTPS or bust: Chrome’s plan to label sites as \&quot;Not Secure\&quot; Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for 
Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/https-or-bust-chromes-plan-to-label-sites-as-not-secure&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],[0,{&quot;id&quot;:[0,&quot;41Lr8xZtaEnIidX8Q0fvEX&quot;],&quot;title&quot;:[0,&quot;Privacy Pass - “The Math”&quot;],&quot;slug&quot;:[0,&quot;privacy-pass-the-math&quot;],&quot;excerpt&quot;:[0,&quot;During a recent internship at Cloudflare, I had the chance to help integrate support for improving the accessibility of websites that are protected by the Cloudflare edge network. &quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;&lt;p&gt;&lt;i&gt;This is a guest post by Alex Davidson, a PhD student in Cryptography at Royal Holloway, University of London, who is part of the team that developed &lt;/i&gt;&lt;a href=\&quot;https://privacypass.github.io\&quot;&gt;&lt;i&gt;Privacy Pass&lt;/i&gt;&lt;/a&gt;&lt;i&gt;. Alex worked at Cloudflare for the summer on deploying Privacy Pass on the Cloudflare network&lt;/i&gt;.&lt;/p&gt;&lt;p&gt;During a recent internship at Cloudflare, I had the chance to help integrate support for improving the accessibility of websites that are protected by the Cloudflare edge network. Specifically, I helped develop an open-source browser extension named ‘Privacy Pass’ and added support for the Privacy Pass protocol within Cloudflare infrastructure. Currently, Privacy Pass works with the Cloudflare edge to help honest users to reduce the number of Cloudflare CAPTCHA pages that they see when browsing the web. 
However, the operation of Privacy Pass is not limited to the Cloudflare use-case and we envisage that it has uses over a wider and more diverse range of applications as support grows.&lt;/p&gt;&lt;p&gt;In summary, this browser extension allows a user to generate cryptographically ‘blinded’ tokens that can then be signed by supporting servers following some receipt of authenticity (e.g. a CAPTCHA solution). The browser extension can then use these tokens to ‘prove’ honesty in future communications with the server, without having to solve more authenticity challenges.&lt;/p&gt;&lt;p&gt;The ‘blind’ aspect of the protocol means that it is infeasible for a server to link tokens that it signs to tokens that are redeemed in the future. This means that a client using the browser extension should not compromise their own privacy with respect to the server they are communicating with.&lt;/p&gt;&lt;p&gt;In this blog post we hope to give more of an insight into how we have developed the protocol and the security considerations that we have taken into account. 
We have made use of some interesting and modern cryptographic techniques that we believe could have a future impact on a wide array of problems.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;previously\&quot;&gt;Previously…&lt;/h3&gt;\n &lt;a href=\&quot;#previously\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The research team released a specification last year for a “blind signing” protocol (very similar to the original proposal of &lt;a href=\&quot;#Cha82\&quot;&gt;Chaum&lt;/a&gt;) using a variant of RSA known as ‘blind RSA’. Blind RSA simply uses the homomorphic properties of the textbook RSA signature scheme to allow the user to have messages signed &lt;i&gt;obliviously&lt;/i&gt;. Since then, George Tankersley and Filippo Valsorda gave a talk at &lt;a href=\&quot;https://youtu.be/GqY7YUv8b5Y\&quot;&gt;Real World Crypto 2017&lt;/a&gt; explaining the idea in more detail and how the protocol could be implemented. 
The intuition behind a blind signing protocol is also given in &lt;a href=\&quot;/cloudflare-supports-privacy-pass\&quot;&gt;Nick’s blog post&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;A blind signing protocol between a server A and a client B roughly takes the following form:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;B generates some value &lt;code&gt;t&lt;/code&gt; that they require a signature from A for.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;B calculates a ‘blinded’ version of &lt;code&gt;t&lt;/code&gt; that we will call &lt;code&gt;bt&lt;/code&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;B sends &lt;code&gt;bt&lt;/code&gt; to A&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;A signs &lt;code&gt;bt&lt;/code&gt; with their secret signing key and returns a signature &lt;code&gt;bz&lt;/code&gt; to B&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;B receives &lt;code&gt;bz&lt;/code&gt; and ‘unblinds’ to receive a signature &lt;code&gt;z&lt;/code&gt; for value &lt;code&gt;t&lt;/code&gt;.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Due to limitations arising from the usage of RSA (e.g. large signature sizes, slower operations), there were efficiency concerns surrounding the extra bandwidth and computation time on the client browser. Fortunately, we received a lot of feedback from many notable individuals (full acknowledgments below). 
In short, this helped us to come up with a protocol with much lower overheads in storage, bandwidth and computation time using elliptic curve cryptography as the foundation instead.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;elliptic-curves-a-very-short-introduction\&quot;&gt;Elliptic curves (a very short introduction)&lt;/h3&gt;\n &lt;a href=\&quot;#elliptic-curves-a-very-short-introduction\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;An elliptic curve is defined over a finite field modulo some prime &lt;code&gt;p&lt;/code&gt;. Briefly, an &lt;code&gt;(x,y)&lt;/code&gt; coordinate is said to lie on the curve if it satisfies the following equation:&lt;/p&gt;&lt;p&gt;&lt;code&gt;y^2 = x^3 + a*x + b (modulo p)&lt;/code&gt;&lt;/p&gt;&lt;p&gt;Nick Sullivan wrote an introductory &lt;a href=\&quot;/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/\&quot;&gt;blog post&lt;/a&gt; on the use of elliptic curves in cryptography a while back, so this may be a good place to start if you’re new to the area.&lt;/p&gt;&lt;p&gt;Elliptic curves have been studied for use in cryptography since the independent works of Koblitz and Miller (1984-85). 
However, EC-based ciphers and signature algorithms have rapidly started replacing older primitives in the Internet-space due to large improvements in the choice of security parameters available. What this translates to is that encryption/signing keys can be much smaller in EC cryptography when compared to more traditional methods such as RSA. This comes with huge efficiency benefits when computing encryption and signing operations, thus making EC cipher suites perfect for use on an Internet-wide scale.&lt;/p&gt;&lt;p&gt;Importantly, there are many different elliptic curve configurations that are defined by the choice of &lt;code&gt;p&lt;/code&gt;, &lt;code&gt;a&lt;/code&gt; and &lt;code&gt;b&lt;/code&gt; for the equation above. These present different security and efficiency trade-offs; some have been standardized by NIST. In this work, we will be using the NIST specified &lt;a href=\&quot;https://csrc.nist.gov/publications/detail/fips/186/4/final\&quot;&gt;P256 curve&lt;/a&gt;; however, the protocol that we have designed is largely agnostic to this choice.&lt;/p&gt;&lt;h4&gt;Blind signing via elliptic curves&lt;/h4&gt;&lt;p&gt;Translating our blind signing protocol from RSA to elliptic curves required deriving a whole new protocol. Some of the suggestions pointed out cryptographic constructions known as “oblivious pseudorandom functions”. A pseudorandom function or PRF is a mainstay of the traditional cryptographic arsenal and essentially takes a key and some string as input and outputs a value that is indistinguishable from random to anyone who does not hold the key.&lt;/p&gt;&lt;p&gt;Let F be our PRF, then the security requirement on such a function is that evaluating:&lt;/p&gt;&lt;p&gt;&lt;code&gt;y = F(K,x)&lt;/code&gt;&lt;/p&gt;&lt;p&gt;is indistinguishable from evaluating:&lt;/p&gt;&lt;p&gt;&lt;code&gt;y’ = f(x)&lt;/code&gt;&lt;/p&gt;&lt;p&gt;where f is a randomly chosen function with outputs defined in the same domain as &lt;code&gt;F(K,-)&lt;/code&gt;. 
Choosing a function f at random undoubtedly leads to random outputs, however for &lt;code&gt;F&lt;/code&gt;, randomness is derived from the choice of key &lt;code&gt;K&lt;/code&gt;. In practice, we would instantiate a PRF using something like HMAC-SHA256.&lt;/p&gt;&lt;h4&gt;Oblivious PRFs&lt;/h4&gt;&lt;p&gt;An oblivious PRF (OPRF) is actually a protocol between a server S and a client C. In the protocol, S holds a key &lt;code&gt;K&lt;/code&gt; for some PRF &lt;code&gt;F&lt;/code&gt; and C holds an input &lt;code&gt;x&lt;/code&gt;. The security goal is that C receives the output &lt;code&gt;y = F(K,x)&lt;/code&gt; without learning the key &lt;code&gt;K&lt;/code&gt; and S does not learn the value &lt;code&gt;x&lt;/code&gt;.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5LG1M3dg4OwiUYd1TFWIWJ/8e26d23ae4dd905c599cece4cf9c1cbd/image3-1.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;600\&quot; height=\&quot;400\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;It may seem difficult to construct such a functionality without revealing the input x or the key K. However, there are numerous (and very efficient) constructions of OPRFs with applications to many different cryptographic problems such as &lt;a href=\&quot;https://eprint.iacr.org/2016/799\&quot;&gt;private set intersection&lt;/a&gt;, &lt;a href=\&quot;https://eprint.iacr.org/2016/144\&quot;&gt;password-protected secret-sharing&lt;/a&gt; and &lt;a href=\&quot;http://webee.technion.ac.il/~hugo/sphinx.pdf\&quot;&gt;cryptographic password storage&lt;/a&gt; to name a few.&lt;/p&gt;&lt;h4&gt;OPRFs from elliptic curves&lt;/h4&gt;&lt;p&gt;A simple instantiation of an OPRF from elliptic curves was given by Jarecki et al. 
&lt;a href=\&quot;#jkk14\&quot;&gt;JKK14&lt;/a&gt;, we use this as the foundation for our blind signing protocol.&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Let &lt;code&gt;&lt;b&gt;G&lt;/b&gt;&lt;/code&gt; be a cyclic group of prime-order&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Let &lt;code&gt;H&lt;/code&gt; be a collision-resistant hash function hashing into &lt;code&gt;G&lt;/code&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Let &lt;code&gt;k&lt;/code&gt; be a private key held by S&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Let &lt;code&gt;x&lt;/code&gt; be a private input held by C&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;The protocol now proceeds as:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;C sends &lt;code&gt;H(x)&lt;/code&gt; to S&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;S returns &lt;code&gt;kH(x)&lt;/code&gt; to C&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Clearly, this is an exceptionally simple protocol; security is established since:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;The hash function is one-way (preimage-resistant), which prevents S from reversing &lt;code&gt;H(x)&lt;/code&gt; to learn &lt;code&gt;x&lt;/code&gt; — provided &lt;code&gt;x&lt;/code&gt; is unpredictable, since a low-entropy &lt;code&gt;x&lt;/code&gt; could otherwise be recovered by hashing candidate inputs and comparing&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;The hardness of the discrete log problem (DLP) prevents C from learning &lt;code&gt;k&lt;/code&gt; from &lt;code&gt;kH(x)&lt;/code&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;The output &lt;code&gt;kH(x)&lt;/code&gt; is pseudorandom since &lt;code&gt;&lt;b&gt;G&lt;/b&gt;&lt;/code&gt; is a prime-order group and &lt;code&gt;k&lt;/code&gt; is chosen at random.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;h4&gt;Blind signing via an OPRF&lt;/h4&gt;&lt;p&gt;Using the OPRF design above as the foundation, the research team wrote a variation that we can use for a blind signing protocol; we detail this construction below. 
In our ‘blind signing’ protocol we require that:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;The client/user can have random values signed obliviously by the edge server&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;The client can ‘unblind’ these values and present them in the future for verification&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;The edge can commit to the secret key publicly and prove that it is used for signing all tokens globally&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;The blind signing protocol is split into two phases.&lt;/p&gt;&lt;p&gt;Firstly, there is a &lt;b&gt;blind signing phase&lt;/b&gt; that is carried out between the user and the edge after the user has successfully solved a challenge. The result is that the user receives a number of &lt;code&gt;signed&lt;/code&gt; tokens (default 30) that are unblinded and stored for future use. Intuitively, this mirrors the execution of the OPRF protocol above.&lt;/p&gt;&lt;p&gt;Secondly, there is a &lt;b&gt;redemption phase&lt;/b&gt; where an unblinded token is used for bypassing a future iteration of the challenge.&lt;/p&gt;&lt;p&gt;Let &lt;code&gt;&lt;b&gt;G&lt;/b&gt;&lt;/code&gt; be a cyclic group of prime-order &lt;code&gt;q&lt;/code&gt;. Let &lt;code&gt;H_1&lt;/code&gt;,&lt;code&gt;H_2&lt;/code&gt; be a pair of collision-resistant hash functions; &lt;code&gt;H_1&lt;/code&gt; hashes into the group &lt;code&gt;&lt;b&gt;G&lt;/b&gt;&lt;/code&gt; as before, &lt;code&gt;H_2&lt;/code&gt; hashes into a binary string of length &lt;code&gt;n&lt;/code&gt;.&lt;/p&gt;&lt;p&gt;In the following, we will use slightly different notation to make it consistent with existing literature. Let &lt;code&gt;x&lt;/code&gt; be a private key held by the server S. Let &lt;code&gt;t&lt;/code&gt; be the input held by the user/client C. Let &lt;code&gt;ZZ_q&lt;/code&gt; be the ring of integers modulo &lt;code&gt;q&lt;/code&gt;. We write all operations in their scalar multiplication form to be consistent with EC notation. 
Let &lt;code&gt;MAC_K()&lt;/code&gt; be a &lt;a href=\&quot;https://en.wikipedia.org/wiki/Message_authentication_code\&quot;&gt;message-authentication code&lt;/a&gt; algorithm keyed by a key &lt;code&gt;K&lt;/code&gt;.&lt;/p&gt;&lt;h4&gt;Signing phase&lt;/h4&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;C samples a random ‘blind’ &lt;code&gt;r ← ZZ_q&lt;/code&gt; (with &lt;code&gt;r ≠ 0&lt;/code&gt;, so that &lt;code&gt;1/r&lt;/code&gt; exists)&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;C computes &lt;code&gt;T = H_1(t)&lt;/code&gt; and then blinds it by computing &lt;code&gt;rT&lt;/code&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;C sends &lt;code&gt;M = rT&lt;/code&gt; to S&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;S computes &lt;code&gt;Z = xM&lt;/code&gt; and returns &lt;code&gt;Z&lt;/code&gt; to C&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;C computes &lt;code&gt;(1/r)*Z = xT = N&lt;/code&gt; and stores the pair &lt;code&gt;(t,N)&lt;/code&gt; for some point in the future&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;We think of &lt;code&gt;T = H_1(t)&lt;/code&gt; as a token; these objects form the backbone of the protocol that we use to bypass challenges. Notice that the only difference between this protocol and the OPRF above is the blinding factor &lt;code&gt;r&lt;/code&gt; that we use.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3LJYvqKAwDw1Rh6oPlGeZy/ef4c5d38cf87ce48480c6e7680d17444/image2.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;600\&quot; height=\&quot;400\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;h4&gt;Redemption phase&lt;/h4&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;C calculates request binding data &lt;code&gt;req&lt;/code&gt; and chooses an unspent token &lt;code&gt;(t,N)&lt;/code&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;C calculates a shared key &lt;code&gt;sk = H_2(t,N)&lt;/code&gt; and sends &lt;code&gt;(t, MAC_sk(req))&lt;/code&gt; to S&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;S recalculates 
&lt;code&gt;req&amp;#39;&lt;/code&gt; based on the request data that it witnesses&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;S checks that &lt;code&gt;t&lt;/code&gt; has not been spent already and calculates &lt;code&gt;T = H_1(t)&lt;/code&gt;, &lt;code&gt;N = xT&lt;/code&gt;, and &lt;code&gt;sk = H_2(t,N)&lt;/code&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Finally S checks that &lt;code&gt;MAC_sk(req&amp;#39;) =?= MAC_sk(req)&lt;/code&gt;, and stores &lt;code&gt;t&lt;/code&gt; to check against future redemptions&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;If all the steps above pass, then the server validates that the user has a validly signed token. When we refer to ‘passes’ we mean the pair &lt;code&gt;(t, MAC_sk(req))&lt;/code&gt; and if verification is successful the edge server grants the user access to the requested resource.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5UrTr7lpAY9Fin8rctVoLa/61fbb098340ac56a5012b6f03a13acc0/image1-1.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;600\&quot; height=\&quot;400\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;cryptographic-security-of-protocol\&quot;&gt;Cryptographic security of protocol&lt;/h3&gt;\n &lt;a href=\&quot;#cryptographic-security-of-protocol\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 
4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;There are many different ways in which we need to ensure that the protocol remains “secure”. Clearly one of the main features is that the user remains anonymous in the transaction. Furthermore, we need to show that the client is unable to leverage the protocol in order to learn the private key of the edge, or arbitrarily gain infinite tokens. We give two security arguments for our protocol that we can easily reduce to cryptographic assumptions on the hardness of widely-used problems. There are a number of other security goals for the protocol but we consider the two arguments below as fundamental security requirements.&lt;/p&gt;&lt;h4&gt;Unlinkability in the presence of an adversarial edge&lt;/h4&gt;&lt;p&gt;Similarly to the RSA blind signing protocol, the blind r is used to prevent the edge from learning the value of &lt;code&gt;T&lt;/code&gt;, above. Since &lt;code&gt;r&lt;/code&gt; is not used in the redemption phase of the protocol, there is no way that the server can link a blinded token &lt;code&gt;rT&lt;/code&gt; in the signing phase to any token in a given redemption phase. Since S recalculates &lt;code&gt;T&lt;/code&gt; during redemption, it may be tempting to think that S could recover &lt;code&gt;r&lt;/code&gt; from &lt;code&gt;rT&lt;/code&gt;. However, the hardness of the discrete log problem prevents S from launching this attack. Therefore, the server has no knowledge of &lt;code&gt;r&lt;/code&gt;.&lt;/p&gt;&lt;p&gt;As mentioned and similarly to the &lt;a href=\&quot;#jkk14\&quot;&gt;JKK14&lt;/a&gt; OPRF protocol above, we rely on the hardness of standard cryptographic assumptions such as the discrete log problem (DLP), and collision-resistant hash functions. 
Using these hardness assumptions it is possible to write a proof of security in the presence of a dishonest server. The proof of security shows that assuming that these assumptions are hard, then a dishonest server is unable to link an execution of the signing phase with any execution of the redemption phase with probability higher than just randomly guessing.&lt;/p&gt;&lt;p&gt;Intuitively, in the signing phase, C sends randomly distributed data due to the blinding mechanism and so S cannot learn anything from this data alone. In the redemption phase, C unveils their token, but the transcript of the signing phase witnessed by S is essentially random and so it cannot be used to learn anything from the redemption phase.&lt;/p&gt;&lt;p&gt;This is not a full proof of security but gives an idea as to how we can derive cryptographic hardness for the underlying protocol. We hope to publish a more detailed cryptographic proof in the near future to accompany our protocol design.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;key-privacy-for-the-edge\&quot;&gt;Key privacy for the edge&lt;/h3&gt;\n &lt;a href=\&quot;#key-privacy-for-the-edge\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;It is also crucial to prove that the exchange 
does not reveal the secret key &lt;code&gt;x&lt;/code&gt; to the user. If this were to happen, then the user would be able to arbitrarily sign their own tokens, giving them an effectively infinite supply.&lt;/p&gt;&lt;p&gt;Notice that the only time when the client is exposed to the key is when they receive &lt;code&gt;Z = xM&lt;/code&gt;. In elliptic-curve terminology, the client receives their blinded token scalar multiplied with &lt;code&gt;x&lt;/code&gt;. Notice that this is also identical to the interaction that an adversary witnesses in the discrete log problem. In fact, if the client was able to compute &lt;code&gt;x&lt;/code&gt; from &lt;code&gt;Z&lt;/code&gt;, then the client would also be able to solve the DLP — which is thought to be very hard for established key sizes. In this way, we have a sufficient guarantee that an adversarial client would not be able to learn the key from the signing interaction.&lt;/p&gt;&lt;h4&gt;Preventing further deanonymization attacks using “Verifiable” OPRFs&lt;/h4&gt;&lt;p&gt;While the proof of security above gives some assurances about the cryptographic design of the protocol, it does not cover the possibility of out-of-band deanonymization. For instance, the edge server could sign each user’s tokens with a different secret key. Ignoring the cost that this would incur, the server would then be able to link token signing and redemption phases by simply checking which of its private keys validates a redeemed token.&lt;/p&gt;&lt;p&gt;There is a solution known as a ‘discrete log equivalence proof’ (DLEQ proof). Using this, a server commits to a secret key &lt;code&gt;x&lt;/code&gt; by publicly posting a pair &lt;code&gt;(G, xG)&lt;/code&gt; for a generator &lt;code&gt;G&lt;/code&gt; of the prime-order group &lt;code&gt;&lt;b&gt;G&lt;/b&gt;&lt;/code&gt;. 
A DLEQ proof intuitively allows the server to prove to the user that the signed tokens &lt;code&gt;Z = xrT&lt;/code&gt; and commitment &lt;code&gt;xG&lt;/code&gt; both have the same discrete log relation &lt;code&gt;x&lt;/code&gt;. Since the commitment is posted publicly (similarly to a &lt;a href=\&quot;https://www.certificate-transparency.org/\&quot;&gt;Certificate Transparency Log&lt;/a&gt;) this would be verifiable by all users and so the deanonymization attack above would not be possible. Note that this guarantee is only as strong as the consistency of the published commitment: the proof shows that &lt;code&gt;Z&lt;/code&gt; was produced with the &lt;code&gt;x&lt;/code&gt; behind whichever &lt;code&gt;(G, xG)&lt;/code&gt; the client holds, so a server that could serve different commitments to different clients could still partition them. The commitment therefore needs to be distributed through a channel the server cannot tailor per client, which is why the comparison with a public, append-only log is the right one.&lt;/p&gt;&lt;h4&gt;DLEQ proofs&lt;/h4&gt;&lt;p&gt;The DLEQ proof objects take the form of a Chaum-Pedersen &lt;a href=\&quot;#cp93\&quot;&gt;CP93&lt;/a&gt; non-interactive zero-knowledge (NIZK) proof. Similar proofs were used in &lt;a href=\&quot;#jkk14\&quot;&gt;JKK14&lt;/a&gt; to show that their OPRF protocol produced “verifiable” randomness; they defined their construction as a VOPRF. In the following, we will describe how the signing phase above can be augmented with these proofs.&lt;/p&gt;&lt;p&gt;&lt;i&gt;The DLEQ proof verification in the extension is still in development and is not completely consistent with the protocol below. We hope to complete the verification functionality in the near future. Until the extension verifies the proof, clients do not actually obtain the key-consistency guarantee described here.&lt;/i&gt;&lt;/p&gt;&lt;p&gt;Let &lt;code&gt;M = rT&lt;/code&gt; be the blinded token that C sends to S, let &lt;code&gt;(G,Y) = (G,xG)&lt;/code&gt; be the commitment from above, and let H_3 be a new hash function (modelled as a random oracle for security purposes). 
In the protocol below, we can think of S playing the role of the &amp;#39;prover&amp;#39; and C the &amp;#39;verifier&amp;#39; in a traditional NIZK proof system.&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;S computes &lt;code&gt;Z = xM&lt;/code&gt;, as before.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;S also samples a fresh, uniformly random nonce &lt;code&gt;k ← ZZ_q&lt;/code&gt; and commits to the nonce by calculating &lt;code&gt;A = kG&lt;/code&gt; and &lt;code&gt;B = kM&lt;/code&gt;. The nonce must never be reused: since &lt;code&gt;s = k - cx&lt;/code&gt;, two proofs that share &lt;code&gt;k&lt;/code&gt; but have different challenges reveal the key as &lt;code&gt;x = (s_1 - s_2) / (c_2 - c_1) (mod q)&lt;/code&gt;.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;S constructs a challenge &lt;code&gt;c ← H_3(G,Y,M,Z,A,B)&lt;/code&gt; and computes &lt;code&gt;s = k-cx (mod q)&lt;/code&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;S sends &lt;code&gt;(c,s)&lt;/code&gt; to the user C&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;C recalculates &lt;code&gt;A&amp;#39; = sG + cY&lt;/code&gt; and &lt;code&gt;B&amp;#39; = sM + cZ&lt;/code&gt; and hashes &lt;code&gt;c&amp;#39; = H_3(G,Y,M,Z,A’,B’)&lt;/code&gt;.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;C verifies that &lt;code&gt;c&amp;#39; =?= c&lt;/code&gt;.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Note that correctness follows since&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt;A&amp;#039; = sG + cY = (k-cx)G + cxG = kG and B&amp;#039; = sM + cZ = r(k-cx)T + crxT = krT = kM &lt;/code&gt;&lt;/pre&gt;\n &lt;p&gt;We write DLEQ(Z/M == Y/G) to denote the proof that is created by S and validated by C. In summary, if both parties have a consistent view of &lt;code&gt;(G,Y)&lt;/code&gt; for the same epoch then the proof should verify correctly. The proof is zero-knowledge in the random oracle model (with H_3 modelled as a random oracle), so C learns nothing about &lt;code&gt;x&lt;/code&gt; beyond the fact that &lt;code&gt;Z&lt;/code&gt; and &lt;code&gt;Y&lt;/code&gt; share the same discrete logarithm; the secrecy of &lt;code&gt;x&lt;/code&gt; itself continues to rest on the hardness of the discrete log problem discussed above. 
For our use-case the proof verifies that the same key &lt;code&gt;x&lt;/code&gt; is used for each invocation of the protocol, as long as &lt;code&gt;(G,Y)&lt;/code&gt; does not change.&lt;/p&gt;&lt;h4&gt;Batching the proofs&lt;/h4&gt;&lt;p&gt;Unfortunately, a drawback of the proof above is that it has to be instantiated for each individual token sent in the protocol. Since we send 30 tokens by default, this would require the server to also send 30 DLEQ proofs (each a pair of scalars &lt;code&gt;(c,s)&lt;/code&gt; in &lt;code&gt;ZZ_q&lt;/code&gt;) and the client to verify each proof individually.&lt;/p&gt;&lt;p&gt;Interestingly, Henry showed that it was possible to batch the above NIZK proofs into one object with only one verification required &lt;a href=\&quot;#hen14\&quot;&gt;Hen14&lt;/a&gt;. Using this batching technique substantially reduces the communication and computation cost of including the proof.&lt;/p&gt;&lt;p&gt;Let &lt;code&gt;n&lt;/code&gt; be the number of tokens to be signed in the interaction, so we have &lt;code&gt;M_i = r_i*T_i&lt;/code&gt; for the set of blinded tokens corresponding to inputs &lt;code&gt;t_i&lt;/code&gt;.&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;S generates corresponding &lt;code&gt;Z_i = x*M_i&lt;/code&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;S also computes a seed &lt;code&gt;z = H_3(G,Y,M_1,...,M_n,Z_1,...,Z_n)&lt;/code&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;S then initializes a pseudorandom number generator PRNG with the seed &lt;code&gt;z&lt;/code&gt; and outputs &lt;code&gt;c_1, ... , c_n ← PRNG(z)&lt;/code&gt; where the output domain of PRNG is &lt;code&gt;ZZ_q&lt;/code&gt;. The PRNG must be deterministic, since C has to reproduce exactly the same &lt;code&gt;c_i&lt;/code&gt; from &lt;code&gt;z&lt;/code&gt;.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;S generates composite group elements:&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt;M = (c_1*M_1) + ... + (c_n*M_n), Z = (c_1*Z_1) + ... 
+ (c_n*Z_n)&lt;/code&gt;&lt;/pre&gt;\n &lt;ul&gt;&lt;li&gt;&lt;p&gt;S calculates &lt;code&gt;(c,s) ← DLEQ(Z/M == Y/G)&lt;/code&gt; over the composite elements and sends &lt;code&gt;(c,s)&lt;/code&gt; to C, where &lt;code&gt;DLEQ(Z/M == Y/G)&lt;/code&gt; refers to the proof protocol used in the non-batching case.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;C recomputes the seed &lt;code&gt;z’ = H_3(G,Y,M_1,...,M_n,Z_1,...,Z_n)&lt;/code&gt; from its own view of the &lt;code&gt;M_i&lt;/code&gt; and the received &lt;code&gt;Z_i&lt;/code&gt;, derives &lt;code&gt;c’_1, … , c’_n ← PRNG(z’)&lt;/code&gt;, re-computes &lt;code&gt;M’&lt;/code&gt; and &lt;code&gt;Z’&lt;/code&gt;, and then verifies &lt;code&gt;(c,s)&lt;/code&gt; against &lt;code&gt;(G,Y,M’,Z’)&lt;/code&gt; exactly as in the single-proof case, checking that &lt;code&gt;c’ =?= c&lt;/code&gt;. C must derive the seed and the &lt;code&gt;c_i&lt;/code&gt; itself rather than accept them from S: the batch is only sound because the coefficients are fixed by a hash of all the points after S has committed to the &lt;code&gt;Z_i&lt;/code&gt;, so S cannot choose the &lt;code&gt;Z_i&lt;/code&gt; to satisfy the combined relation without each one being &lt;code&gt;x*M_i&lt;/code&gt;.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;To see why this works, consider the reduced case where n = 2:&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt;Z_1 = x(M_1),\nZ_2 = x(M_2),\n(c_1*Z_1) = c_1(x*M_1) = x(c_1*M_1),\n(c_2*Z_2) = c_2(x*M_2) = x(c_2*M_2),\n(c_1*Z_1) + (c_2*Z_2) = x[(c_1*M_1) + (c_2*M_2)]\n&lt;/code&gt;&lt;/pre&gt;\n &lt;p&gt;Therefore, all the elliptic curve points will have the same discrete log relation as each other, and hence equal to the secret key that is committed to by the edge.&lt;/p&gt;&lt;h4&gt;Benefits of V-OPRF vs blind RSA&lt;/h4&gt;&lt;p&gt;While the blind RSA specification that we released fulfilled our needs, the V-OPRF design makes the following concrete gains:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Simpler, faster primitives&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;10x savings in pass size (~256 bits using P-256 instead of ~2048)&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;The only thing the edge has to manage is a private scalar. No certificates.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;No need for public-key encryption at all, since the derived shared key used to calculate each MAC is never transmitted and cannot be found from passive observation without knowledge of the edge key or the user&amp;#39;s blinding factor.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Exponentiations are more efficient due to use of elliptic curves.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Easier key rotation. 
Instead of managing certificates pinned in TBB and submitted to CT, we can use the DLEQ proofs to allow users to positively verify they&amp;#39;re in the same anonymity set with regard to the edge secret key as everyone else.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;h4&gt;Download&lt;/h4&gt;&lt;p&gt;Privacy Pass v1.0 is available as a browser extension for &lt;a href=\&quot;https://chrome.google.com/webstore/detail/privacy-pass/ajhmfdgkijocedmfjonnpjfojldioehi\&quot;&gt;Chrome&lt;/a&gt; and &lt;a href=\&quot;https://addons.mozilla.org/en-US/firefox/addon/privacy-pass/\&quot;&gt;Firefox&lt;/a&gt;. If you find any issues while using then &lt;a href=\&quot;https://privacypass.github.io\&quot;&gt;let us know&lt;/a&gt;.&lt;/p&gt;&lt;h4&gt;Source code&lt;/h4&gt;&lt;p&gt;The code for the browser extension and server has been open-sourced and can be found at &lt;a href=\&quot;https://github.com/privacypass/challenge-bypass-extension\&quot;&gt;https://github.com/privacypass/challenge-bypass-extension&lt;/a&gt; and &lt;a href=\&quot;https://github.com/privacypass/challenge-bypass-server\&quot;&gt;https://github.com/privacypass/challenge-bypass-server&lt;/a&gt; respectively. We are welcoming contributions if you happen to notice any improvements that can be made to either component. 
If you would like to get in contact with the Privacy Pass team then find us at our &lt;a href=\&quot;https://privacypass.github.io\&quot;&gt;website&lt;/a&gt;.&lt;/p&gt;&lt;h4&gt;Protocol details&lt;/h4&gt;&lt;p&gt;More information about the protocol can be found in the &lt;a href=\&quot;https://privacypass.github.io/protocol\&quot;&gt;Privacy Pass protocol specification&lt;/a&gt;.&lt;/p&gt;&lt;h4&gt;Acknowledgements&lt;/h4&gt;&lt;p&gt;The creation of Privacy Pass has been a joint effort by the team made up of George Tankersley, Ian Goldberg, Nick Sullivan, Filippo Valsorda and myself.&lt;/p&gt;&lt;p&gt;I&amp;#39;d also like to thank Eric Tsai for creating the logo and extension design, Dan Boneh for helping us develop key parts of the protocol, as well as Peter Wu and Blake Loring for their helpful code reviews. We would also like to acknowledge Sharon Goldberg, Christopher Wood, Peter Eckersley, Brian Warner, Zaki Manian, Tony Arcieri, Prateek Mittal, Zhuotao Liu, Isis Lovecruft, Henry de Valence, Mike Perry, Trevor Perrin, Zi Lin, Justin Paine, Marek Majkowski, Eoin Brady, Aaran McGuire, and many others who were involved in one way or another and whose efforts are appreciated.&lt;/p&gt;&lt;h4&gt;References&lt;/h4&gt;&lt;p&gt;&lt;span id=\&quot;cha82\&quot;&gt;Cha82&lt;/span&gt;: Chaum. &lt;a href=\&quot;https://dl.acm.org/citation.cfm?doid=4372.4373\&quot;&gt;Blind signatures for untraceable payments. CRYPTO’82&lt;/a&gt;&lt;br&gt;&lt;span id=\&quot;cp93\&quot;&gt;CP93&lt;/span&gt;: Chaum, Pedersen. &lt;a href=\&quot;http://chaum.com/publications/Wallet_Databases.pdf\&quot;&gt;Wallet Databases with Observers. CRYPTO&amp;#39;92.&lt;/a&gt;&lt;br&gt;&lt;span id=\&quot;hen14\&quot;&gt;Hen14&lt;/span&gt;: Ryan Henry. &lt;a href=\&quot;https://uwspace.uwaterloo.ca/bitstream/handle/10012/8621/Henry_Ryan.pdf\&quot;&gt;Efficient Zero-Knowledge Proofs and Applications, August 2014.&lt;/a&gt;&lt;br&gt;&lt;span id=\&quot;jkk14\&quot;&gt;JKK14&lt;/span&gt;: Jarecki, Kiayias, Krawczyk. &lt;a href=\&quot;https://eprint.iacr.org/2014/650.pdf\&quot;&gt;Round-Optimal Password-Protected Secret Sharing and T-PAKE in the Password-Only model.&lt;/a&gt;&lt;br&gt;&lt;span id=\&quot;jkkx16\&quot;&gt;JKKX16&lt;/span&gt;: Jarecki, Kiayias, Krawczyk, Xu. 
&lt;a href=\&quot;https://eprint.iacr.org/2016/144.pdf\&quot;&gt;Highly-Efficient and Composable Password-Protected Secret Sharing.&lt;/a&gt;&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2017-11-09T16:05:00.000+00:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:42:12.304Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1yXzyZDnhtRQkiULdIAWCK/221255b93aab8c3fe5dce7eb2d871a80/privacy-pass-the-math.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;3ZtL0yV0R4ScAreV1dTfIY&quot;],&quot;name&quot;:[0,&quot;Privacy Pass&quot;],&quot;slug&quot;:[0,&quot;privacy-pass&quot;]}],[0,{&quot;id&quot;:[0,&quot;6Mp7ouACN2rT3YjL1xaXJx&quot;],&quot;name&quot;:[0,&quot;Security&quot;],&quot;slug&quot;:[0,&quot;security&quot;]}],[0,{&quot;id&quot;:[0,&quot;11uq7RpwEtvy8Ic53C6cMR&quot;],&quot;name&quot;:[0,&quot;CAPTCHA&quot;],&quot;slug&quot;:[0,&quot;captcha&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;kn8Lmy4luvCeAabblVvHH&quot;],&quot;name&quot;:[0,&quot;Firefox&quot;],&quot;slug&quot;:[0,&quot;firefox&quot;]}],[0,{&quot;id&quot;:[0,&quot;1x7tpPmKIUCt19EDgM1Tsl&quot;],&quot;name&quot;:[0,&quot;Research&quot;],&quot;slug&quot;:[0,&quot;research&quot;]}],[0,{&quot;id&quot;:[0,&quot;1QsJUMpv0QBSLiVZLLQJ3V&quot;],&quot;name&quot;:[0,&quot;Cryptography&quot;],&quot;slug&quot;:[0,&quot;cryptography&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Alex 
Davidson&quot;],&quot;slug&quot;:[0,&quot;alex-davidson&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1m0ky2DnnbIO9nnFOvrHoH/cc78437164b23c2556e933cae0681534/alex-davidson.jpg&quot;],&quot;location&quot;:[0,null],&quot;website&quot;:[0,null],&quot;twitter&quot;:[0,null],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;Privacy Pass - “The Math” Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for 
Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/privacy-pass-the-math&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],[0,{&quot;id&quot;:[0,&quot;7vBxBfvbpwQEokzxhTdIy6&quot;],&quot;title&quot;:[0,&quot;Cloudflare supports Privacy Pass&quot;],&quot;slug&quot;:[0,&quot;cloudflare-supports-privacy-pass&quot;],&quot;excerpt&quot;:[0,&quot;Cloudflare supports Privacy Pass, a recently-announced privacy-preserving protocol developed in collaboration with researchers from Royal Holloway and the University of Waterloo. &quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7vA4PjhsAUXab0yreDk1Mu/c21cba4090509585301555d18a44f02f/DONF9cRWsAE3OZf-1-2.jpg\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;440\&quot; height=\&quot;131\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;enabling-anonymous-access-to-the-web-with-privacy-preserving-cryptography\&quot;&gt;Enabling anonymous access to the web with privacy-preserving cryptography&lt;/h3&gt;\n &lt;a href=\&quot;#enabling-anonymous-access-to-the-web-with-privacy-preserving-cryptography\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 
1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Cloudflare supports Privacy Pass, a &lt;a href=\&quot;https://medium.com/@alxdavids/privacy-pass-6f0acf075288\&quot;&gt;recently-announced&lt;/a&gt; privacy-preserving protocol developed in collaboration &lt;a href=\&quot;https://privacypass.github.io\&quot;&gt;with researchers from Royal Holloway and the University of Waterloo&lt;/a&gt;. Privacy Pass leverages an idea from cryptography — zero-knowledge proofs — to let users prove, anonymously and across multiple sites, that they have already passed a challenge, without enabling tracking. Users can now use the Privacy Pass browser extension to reduce the number of challenge pages presented by Cloudflare. We are happy to support this protocol and believe that it will help improve the browsing experience for some of the Internet’s least privileged users.&lt;/p&gt;&lt;p&gt;The Privacy Pass extension is available for both &lt;a href=\&quot;https://chrome.google.com/webstore/detail/privacy-pass/ajhmfdgkijocedmfjonnpjfojldioehi\&quot;&gt;Chrome&lt;/a&gt; and &lt;a href=\&quot;https://addons.mozilla.org/en-US/firefox/addon/privacy-pass/\&quot;&gt;Firefox&lt;/a&gt;. When people use anonymity services or shared IPs, it makes it more difficult for &lt;a href=\&quot;https://www.cloudflare.com/learning/security/how-to-secure-a-website/\&quot;&gt;website protection services&lt;/a&gt; like Cloudflare to identify their requests as coming from legitimate users and not bots. Privacy Pass helps reduce the friction for these users—which include some of the most vulnerable users online—by providing them a way to prove that they are a human across multiple sites on the Cloudflare network. This is done without revealing their identity, and without exposing Cloudflare customers to additional threats from malicious bots. 
As the first service to support Privacy Pass, we hope to help demonstrate its usefulness and encourage more Internet services to adopt it.&lt;/p&gt;&lt;p&gt;Adding support for Privacy Pass is part of a broader initiative to help make the Internet accessible to as many people as possible. Because Privacy Pass will only be used by a small subset of users, we are also working on other improvements to our network in service of this goal. For example, we are making improvements in our request categorization logic to better identify bots and to improve the web experience for legitimate users who are negatively affected by Cloudflare’s current bot protection algorithms. As this system improves, users should see fewer challenges and site operators should see fewer requests from unwanted bots. We consider Privacy Pass a piece of this puzzle.&lt;/p&gt;&lt;p&gt;Privacy Pass is fully open source under a BSD license and the code is available &lt;a href=\&quot;https://github.com/privacypass/challenge-bypass-extension\&quot;&gt;on GitHub&lt;/a&gt;. We encourage anyone who is interested to download the source code, play around with the implementations and contribute to the project. The Pass Team have also open sourced a &lt;a href=\&quot;https://github.com/privacypass/challenge-bypass-server\&quot;&gt;reference implementation of the server&lt;/a&gt; in Go if you want to test both sides of the system. Privacy Pass support at Cloudflare is currently in beta. 
If you find a bug, please let the team know by creating an issue on GitHub.&lt;/p&gt;&lt;p&gt;In this blog post I&amp;#39;ll be going into depth about the problems that motivated our support for this project and how you can use it to reduce the annoyance factor of CAPTCHAs and other user challenges online.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;enabling-universal-access-to-content\&quot;&gt;Enabling universal access to content&lt;/h3&gt;\n &lt;a href=\&quot;#enabling-universal-access-to-content\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Cloudflare believes that the &lt;a href=\&quot;/ensuring-that-the-web-is-for-everyone/\&quot;&gt;web is for everyone&lt;/a&gt;. This includes people who are accessing the web anonymously or through shared infrastructure. Tools like VPNs are useful for protecting your identity online, and people using these tools should have the same access as everyone else. 
We believe the vast collection of information and services that make up the Internet should be available to every person.&lt;/p&gt;&lt;p&gt;In a &lt;a href=\&quot;/the-trouble-with-tor/\&quot;&gt;blog post last year&lt;/a&gt;, our CEO, Matthew Prince, spoke about the tension between security, anonymity, and convenience on the Internet. He posited that in order to secure a website or service while still allowing anonymous visitors, you have to sacrifice a bit of convenience for these users. This tradeoff is something that every website or web service has to make.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1rTJ4tISNkUI4x5SxAZIWU/3a9ad7898fa4811504aeb44db6b168d2/image5.jpg\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1718\&quot; height=\&quot;1226\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;The Internet is full of bad actors. The frequency and severity of online attacks is &lt;a href=\&quot;http://techspective.net/2017/08/12/latest-ddos-trends-learning-experts/\&quot;&gt;rising every year&lt;/a&gt;. This turbulent environment not only threatens websites and web services with attacks, it threatens their ability to stay online. As smaller and more diverse sites become targets of anonymous threats, a greater percentage of the Internet will choose to sacrifice user convenience in order to stay secure and universally accessible.&lt;/p&gt;&lt;p&gt;The average Internet user visits dozens of sites and services every day. Jumping through a hoop or two when trying to access a single website is not that big of a problem for people. Having to do that for every site you visit every day can be exhausting. This is the problem that Privacy Pass is perfectly designed to solve.&lt;/p&gt;&lt;p&gt;Privacy Pass doesn’t completely eliminate this inconvenience. 
Matthew’s trilemma still applies: anonymous users are still inconvenienced for sites that want security. What Privacy Pass does is to notably reduce that inconvenience for users with access to a browser. Instead of having to be inconvenienced thirty times to visit thirty different domains, you only have to be inconvenienced once to gain access to thirty domains on the Cloudflare network. Crucially, unlike unauthorized services like &lt;a href=\&quot;https://addons.mozilla.org/firefox/addon/cloudhole/\&quot;&gt;CloudHole&lt;/a&gt;, Privacy Pass is designed to respect user privacy and anonymity. This is done using privacy-preserving cryptography, which prevents Cloudflare or anyone else from tracking a user’s browsing across sites. Before we go into how this works, let’s take a step back and take a look at why this is necessary.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;am-i-a-bot-or-not\&quot;&gt;Am I a bot or not?&lt;/h3&gt;\n &lt;a href=\&quot;#am-i-a-bot-or-not\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n \n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/43zt4JxSv0HW37HA0mfbpj/35736e017d0903dc6c0a89e135635e67/image2.jpg\&quot; 
alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1999\&quot; height=\&quot;1500\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;&lt;a href=\&quot;https://commons.wikimedia.org/wiki/File:Metal_House_Battery_Operated_New_2010_Robots_You_are_Three_Times_a_Robot~~.jpg\&quot;&gt;D J Shin&lt;/a&gt; Creative Commons Attribution-Share Alike 3.0 Unported&lt;/p&gt;&lt;p&gt;Without explicit information about the identity of a user, a web server has to rely on fuzzy signals to guess which request is from a bot and which is from a human. For example, bots often use automated scripts instead of web browsers to do their crawling. The way in which scripts make web requests is often different than how web browsers would make the same request in subtle ways.&lt;/p&gt;&lt;p&gt;A simple way for a user to prove they are not a bot to a website is by logging in. By providing valid authentication credentials tied to a long-term identity, a user is exchanging their anonymity for convenience. Having valid authentication credentials is a strong signal that a request is not from a bot. Typically, if you authenticate yourself to a website (say by entering your username and password) the website sets what’s called a “cookie”. A cookie is just a piece of data with an expiration date that’s stored by the browser. As long as the cookie hasn’t expired, the browser includes it as part of the subsequent requests to the server that set it. Authentication cookies are what websites use to know whether you’re logged in or not. Cookies are only sent on the domain that set them. A cookie set by site1.com is not sent for requests to site2.com. This prevents identity leakage from one site to another.&lt;/p&gt;&lt;p&gt;A request with an authentication cookie is usually not from a bot, so bot detection is much easier for sites that require authentication. 
Authentication is by definition de-anonymizing, so putting this in terms of Matthew’s trilemma, these sites can have security and convenience because they provide no anonymous access. The web would be a very different place if every website required authentication to display content, so this signal can only be used for a small set of sites. The question for the rest of the Internet becomes: without authentication cookies, what else can be used as a signal that a user is a person and not a bot?&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;the-turing-test\&quot;&gt;The Turing Test&lt;/h3&gt;\n &lt;a href=\&quot;#the-turing-test\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;One thing that can be used is a user challenge: a task that the server asks the user to do before showing content. User challenges can come in many forms, from a &lt;a href=\&quot;https://en.wikipedia.org/wiki/Proof-of-work_system\&quot;&gt;proof-of-work&lt;/a&gt; to a &lt;a href=\&quot;https://en.wikipedia.org/w/index.php?title=Guided_tour_puzzle_protocol\&quot;&gt;guided tour puzzle&lt;/a&gt; to the classic CAPTCHA. 
A CAPTCHA (an acronym for &amp;quot;Completely Automated Public Turing test to tell Computers and Humans Apart&amp;quot;) is a test to see if the user is a human or not. It often involves reading some scrambled letters or identifying certain slightly obscured objects — tasks that humans are generally better at than automated programs. The goal of a user challenge is not only to deter bots, but to gain confidence that a visitor is a person. Cloudflare uses a combination of different techniques as user challenges.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2VcN8gtQWsULtIcGMggqDJ/c51be6c6bb97edf8836d04b2542a4f63/image7.jpg\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;300\&quot; height=\&quot;57\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;CAPTCHAs can be annoying and time-consuming to solve, so they are usually reserved for visitors with a high probability of being malicious.&lt;/p&gt;&lt;p&gt;The challenge system Cloudflare uses is cookie-based. If you solve a challenge correctly, Cloudflare will set a cookie called &lt;code&gt;CF_CLEARANCE&lt;/code&gt; for the domain that presented the challenge. 
Clearance cookies are like authentication cookies, but instead of being tied to an identity, they are tied to the fact that you solved a challenge sometime in the past.&lt;/p&gt;&lt;ol&gt;&lt;li&gt;&lt;p&gt;Person sends Request&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Server responds with a challenge&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Person sends solution&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Server responds with &lt;code&gt;set-cookie&lt;/code&gt; and bypass cookie&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Person sends new request with cookie&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Server responds with content from origin&lt;/p&gt;&lt;/li&gt;&lt;/ol&gt;&lt;p&gt;Site visitors who are able to solve a challenge are much more likely to be people than bots, the harder the challenge, the more likely the visitor is a person. The presence of a valid &lt;code&gt;CF_CLEARANCE&lt;/code&gt; cookie is a strong positive signal that a request is from a legitimate person.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;how-privacy-pass-protects-your-privacy-a-voting-analogy\&quot;&gt;How Privacy Pass protects your privacy: a voting analogy&lt;/h3&gt;\n &lt;a href=\&quot;#how-privacy-pass-protects-your-privacy-a-voting-analogy\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n 
&lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;You can use cryptography to prove that you have solved a challenge of a certain difficulty without revealing which challenge you solved. The technique that enables this is something called a &lt;a href=\&quot;https://en.wikipedia.org/wiki/Zero-knowledge_proof\&quot;&gt;Zero-knowledge proof&lt;/a&gt;. This may sound scary, so let’s use a real-world scenario, vote certification, to explain the idea.&lt;/p&gt;&lt;p&gt;In some voting systems the operators of the voting center certify every ballot before sending them to be counted. This is to prevent people from adding fraudulent ballots while the ballots are being transferred from where the vote takes place to where the vote is counted.&lt;/p&gt;&lt;p&gt;An obvious mechanism would be to have the certifier sign every ballot that a voter submits. However, this would mean that the certifier, having just seen the person that handed them a ballot, would know how each person voted. Instead, we can use a better mechanism that preserves voters’ privacy using an envelope and some carbon paper.&lt;/p&gt;&lt;ol&gt;&lt;li&gt;&lt;p&gt;The voter fills out their ballot&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3jJCdqzHAp2kJrLYM3sYCT/5cfc32ff560877037977e7530faf1929/image6.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1042\&quot; height=\&quot;730\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;The voter puts their ballot into an envelope along with a piece of carbon paper, and seals the envelope&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7z8pR9zhr9HYM4OE9y2r4f/26fc8bcb4a1e4c92637cfc5b0f6ea0fb/image1.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1042\&quot; height=\&quot;730\&quot; 
loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;The sealed envelope is given to the certifier&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3OhNebQdBXnoTBrBOTcDN9/54ad9db17b0956adc0a973f9a4d56b6b/image3.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1043\&quot; height=\&quot;730\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;The certifier signs the outside of the envelope. The pressure of the signature transfers the signature from the carbon paper to the ballot itself, effectively signing the ballot.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/fOvx6CrNvdsaPofVLPgPG/c33497b10a9212634b63c0bb349809dc/image8.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1043\&quot; height=\&quot;730\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Later, when the ballot counter unseals the envelope, they see the certifier’s signature on the ballot.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4FSldNuKdhhv537vDigZtp/c35bd412ad8c468d9b2068149afef072/image4.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1042\&quot; height=\&quot;730\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;/li&gt;&lt;/ol&gt;&lt;p&gt;With this system, a voting administrator can authenticate a ballot without knowing its content, and then the ballot can be verified by an independent assessor.&lt;/p&gt;&lt;p&gt;Privacy Pass is like vote certification for the Internet. 
In this analogy, Cloudflare’s challenge checking service is the vote certifier, Cloudflare’s bot detection service is the vote counter and the anonymous visitor is the voter. When a user encounters a challenge on site A, they put a ballot into a sealed envelope and send it to the server along with the challenge solution. The server then signs the envelope and returns it to the client. Since the server is effectively signing the ballot without knowing its contents, this is called a &lt;i&gt;blind signature&lt;/i&gt;.&lt;/p&gt;&lt;p&gt;When the user sees a challenge on site B, the user takes the ballot out of the envelope and sends it to the server. The server then checks the signature on the ballot, which proves that the user has solved a challenge. Because the server has never seen the contents of the ballot, it doesn’t know which site the challenge was solved for, just that a challenge was solved.&lt;/p&gt;&lt;p&gt;It turns out that with the right cryptographic construction, you can approximate this scenario digitally. This is the idea behind Privacy Pass.&lt;/p&gt;&lt;p&gt;The Privacy Pass team implemented this using a privacy-preserving cryptographic construction called an Elliptic Curve Verifiable Oblivious Pseudo-Random Function (EC-VOPRF). Yes, it’s a mouthful. From the Privacy Pass Team:&lt;/p&gt;&lt;blockquote&gt;&lt;p&gt;Every time the Privacy Pass plugin needs a new set of privacy passes, it creates a set of thirty random numbers &lt;code&gt;t1&lt;/code&gt; to &lt;code&gt;t30&lt;/code&gt;, hashes them into a curve (P-256 in our case), blinds them with a value &lt;code&gt;b&lt;/code&gt; and sends them along with a challenge solution. The server returns the set of points multiplied by its private key and a batch discrete logarithm equivalence proof. Each pair &lt;code&gt;tn, HMAC(n,M)&lt;/code&gt; constitutes a Privacy Pass and can be redeemed to solve a subsequent challenge. 
Voila!&lt;/p&gt;&lt;/blockquote&gt;&lt;p&gt;If none of these words make sense to you and you want to know more, check out the Privacy Pass team’s &lt;a href=\&quot;https://privacypass.github.io/protocol/\&quot;&gt;protocol design document&lt;/a&gt;.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;making-it-work-in-the-browser\&quot;&gt;Making it work in the browser&lt;/h3&gt;\n &lt;a href=\&quot;#making-it-work-in-the-browser\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;It takes more than a nice security protocol based on solid cryptography to make something useful in the real world. To bring the advantages of this protocol to users, the Privacy Pass team built a client in JavaScript and packaged it using &lt;a href=\&quot;https://developer.mozilla.org/en-US/Add-ons/WebExtensions/What_are_WebExtensions\&quot;&gt;WebExtensions&lt;/a&gt;, a cross-browser framework for developing applications that run in the browser and modify website behavior. This standard is compatible with both Chrome and Firefox. 
A reference implementation of the server side of the protocol was &lt;a href=\&quot;https://github.com/privacypass/challenge-bypass-server\&quot;&gt;also implemented in Go&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;If you’re a web user and are annoyed by CAPTCHAs, you can download the Privacy Pass extension for Chrome &lt;a href=\&quot;https://chrome.google.com/webstore/detail/privacy-pass/ajhmfdgkijocedmfjonnpjfojldioehi\&quot;&gt;here&lt;/a&gt; and for Firefox &lt;a href=\&quot;https://addons.mozilla.org/en-US/firefox/addon/privacy-pass/\&quot;&gt;here&lt;/a&gt;. It will significantly improve your web browsing experience. Once it is installed, you’ll see a small icon on your browser with a number under it. The number is how many unused privacy passes you have. If you are running low on passes, simply click on the icon and select “Get More Passes,” which will load a CAPTCHA you can solve in exchange for thirty passes. Every time you visit a domain that requires a user challenge page to view, Privacy Pass will “spend” a pass and the content will load transparently. Note that you may see more than one pass spent when you load a site for the first time if the site has subresources from multiple domains.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/23gnEcti3z4owPHwH37m6o/09b9335b07c60d4e20b2510159f83440/Firefox-3--2-.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1280\&quot; height=\&quot;800\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;The Privacy Pass extension works by hooking into the browser and looking for HTTP responses that have a specific header that indicates support for the Privacy Pass protocol. When a challenge page is returned, the extension will either try to issue new privacy passes or redeem existing privacy passes. 
The cryptographic operations in the plugin were built on top of &lt;a href=\&quot;https://github.com/bitwiseshiftleft/sjcl\&quot;&gt;SJCL&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;If you’re a Cloudflare customer and want to opt out from supporting Privacy Pass, please &lt;a href=\&quot;https://support.cloudflare.com\&quot;&gt;contact our support team&lt;/a&gt; and they will disable it for you. We are soon adding a toggle for Privacy Pass in the Firewall app in the Cloudflare dashboard.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;the-web-is-for-everyone\&quot;&gt;The web is for everyone&lt;/h3&gt;\n &lt;a href=\&quot;#the-web-is-for-everyone\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The technology behind Privacy Pass is free for anyone to use. We see a bright future for this technology and think it will benefit from community involvement. The protocol is currently only deployed at Cloudflare, but it could easily be used across different organizations. It’s easy to imagine obtaining a Privacy Pass that proves that you have a Twitter or Facebook identity and using it to access other services on the Internet without revealing your identity, for example. 
There are a wide variety of applications of this technology that extend well beyond our current use cases.&lt;/p&gt;&lt;p&gt;If this technology is intriguing to you and you want to collaborate, please reach out to the Privacy Pass team on &lt;a href=\&quot;https://github.com/privacypass\&quot;&gt;GitHub&lt;/a&gt;.&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2017-11-09T16:00:00.000+00:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:42:11.701Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5Q9x8oXuoqqS5PV6rsYOBm/cf4adf16d3d2c75555d5bb6eef5405ce/cloudflare-supports-privacy-pass.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;3BWeMuiOShelE7QM48sW9j&quot;],&quot;name&quot;:[0,&quot;Privacy&quot;],&quot;slug&quot;:[0,&quot;privacy&quot;]}],[0,{&quot;id&quot;:[0,&quot;11uq7RpwEtvy8Ic53C6cMR&quot;],&quot;name&quot;:[0,&quot;CAPTCHA&quot;],&quot;slug&quot;:[0,&quot;captcha&quot;]}],[0,{&quot;id&quot;:[0,&quot;3ZtL0yV0R4ScAreV1dTfIY&quot;],&quot;name&quot;:[0,&quot;Privacy Pass&quot;],&quot;slug&quot;:[0,&quot;privacy-pass&quot;]}],[0,{&quot;id&quot;:[0,&quot;kn8Lmy4luvCeAabblVvHH&quot;],&quot;name&quot;:[0,&quot;Firefox&quot;],&quot;slug&quot;:[0,&quot;firefox&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;1x7tpPmKIUCt19EDgM1Tsl&quot;],&quot;name&quot;:[0,&quot;Research&quot;],&quot;slug&quot;:[0,&quot;research&quot;]}],[0,{&quot;id&quot;:[0,&quot;1QsJUMpv0QBSLiVZLLQJ3V&quot;],&quot;name&quot;:[0,&quot;Cryptography&quot;],&quot;slug&quot;:[0,&quot;cryptography&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Nick Sullivan&quot;],&quot;slug&quot;:[0,&quot;nick-sullivan&quot;],&quot;bio&quot;:[0,&quot;Nick Sullivan was Head of Research (&amp; Cryptography) at Cloudflare until 2023. 
He is passionate about improving security and privacy through cutting-edge research and the development of open standards.&quot;],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1awsFzXodRY6h5BEcWKcCE/790c21d068aea9d2fd26497f095abdc5/nick-sullivan.jpg&quot;],&quot;location&quot;:[0,&quot;San Francisco&quot;],&quot;website&quot;:[0,&quot;https://crypto.dance&quot;],&quot;twitter&quot;:[0,&quot;@grittygrease&quot;],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;Cloudflare supports Privacy Pass Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page 
for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/cloudflare-supports-privacy-pass&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],[0,{&quot;id&quot;:[0,&quot;2zdHVDhrFKGUtMgVjYallG&quot;],&quot;title&quot;:[0,&quot;TLS 1.3 explained by the Cloudflare Crypto Team at 33c3&quot;],&quot;slug&quot;:[0,&quot;tls-1-3-explained-by-the-cloudflare-crypto-team-at-33c3&quot;],&quot;excerpt&quot;:[0,&quot;Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more than 13,000 hackers in Hamburg, has been one of the hallmark events of the security community for more than 30 years.&quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;&lt;p&gt;&lt;a href=\&quot;/author/nick-sullivan/\&quot;&gt;Nick Sullivan&lt;/a&gt; and I gave a talk about &lt;a href=\&quot;/tag/tls%201.3/\&quot;&gt;TLS 1.3&lt;/a&gt; at &lt;a href=\&quot;https://events.ccc.de/tag/33c3/\&quot;&gt;33c3&lt;/a&gt;, the latest Chaos Communication Congress. 
The congress, attended by more than 13,000 hackers in Hamburg, has been one of the hallmark events of the security community for more than 30 years.&lt;/p&gt;&lt;p&gt;You can watch the recording below, or &lt;a href=\&quot;https://media.ccc.de/v/33c3-8348-deploying_tls_1_3_the_great_the_good_and_the_bad\&quot;&gt;download it in multiple formats and languages on the CCC website&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;The talk introduces TLS 1.3 and explains how it works in technical detail, why it is faster and more secure, and touches on its history and current status.&lt;/p&gt;&lt;p&gt;.fluid-width-video-wrapper { margin-bottom: 45px; }&lt;/p&gt;&lt;p&gt;The &lt;a href=\&quot;https://speakerdeck.com/filosottile/tls-1-dot-3-at-33c3\&quot;&gt;slide deck is also online&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;This was an expanded and updated version of the &lt;a href=\&quot;/tls-1-3-overview-and-q-and-a/\&quot;&gt;internal talk previously transcribed on this blog&lt;/a&gt;.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;tls-1-3-hits-chrome-and-firefox-stable\&quot;&gt;TLS 1.3 hits Chrome and Firefox Stable&lt;/h3&gt;\n &lt;a href=\&quot;#tls-1-3-hits-chrome-and-firefox-stable\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;In related news, TLS 1.3 is 
reaching a percentage of Chrome and Firefox users this week, so websites with the Cloudflare TLS 1.3 beta enabled will load faster and more securely for all those new users.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/lIyLFsHXlAipFcgZ1nPWr/e71e81c8a7849214051b75430e1c169e/Screen-Shot-2017-01-30-at-20.14.53.png\&quot; alt=\&quot;The last few days\&quot; class=\&quot;kg-image\&quot; width=\&quot;2319\&quot; height=\&quot;1114\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;You can enable the TLS 1.3 beta from the Crypto section of your control panel.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7jji24riIIZQ2OEC6Xc93r/88d0ae02211b14fd407c065c5880ad31/image00.png\&quot; alt=\&quot;TLS 1.3 toggle\&quot; class=\&quot;kg-image\&quot; width=\&quot;1922\&quot; height=\&quot;320\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&quot;],&quot;published_at&quot;:[0,&quot;2017-02-01T14:57:00.000+00:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:41:46.362Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1I1LTwk8iDcs686WiBaWWm/701e6dad841e702afbe59f07ac818ac7/tls-1-3-explained-by-the-cloudflare-crypto-team-at-33c3.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;14zCAfc7F9ROKtNbSxs2Pe&quot;],&quot;name&quot;:[0,&quot;TLS 
1.3&quot;],&quot;slug&quot;:[0,&quot;tls-1-3&quot;]}],[0,{&quot;id&quot;:[0,&quot;56vA0Z6hqev6QaJBQmO2J8&quot;],&quot;name&quot;:[0,&quot;TLS&quot;],&quot;slug&quot;:[0,&quot;tls&quot;]}],[0,{&quot;id&quot;:[0,&quot;6Mp7ouACN2rT3YjL1xaXJx&quot;],&quot;name&quot;:[0,&quot;Security&quot;],&quot;slug&quot;:[0,&quot;security&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;kn8Lmy4luvCeAabblVvHH&quot;],&quot;name&quot;:[0,&quot;Firefox&quot;],&quot;slug&quot;:[0,&quot;firefox&quot;]}],[0,{&quot;id&quot;:[0,&quot;5p4Ywa16kAdgLidZ0XHvHa&quot;],&quot;name&quot;:[0,&quot;Beta&quot;],&quot;slug&quot;:[0,&quot;beta&quot;]}],[0,{&quot;id&quot;:[0,&quot;1QsJUMpv0QBSLiVZLLQJ3V&quot;],&quot;name&quot;:[0,&quot;Cryptography&quot;],&quot;slug&quot;:[0,&quot;cryptography&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Filippo Valsorda&quot;],&quot;slug&quot;:[0,&quot;filippo&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/46wTy3eKIkbnXRmuf2gsIt/3b2b4a5afc370ab87b3a189c0424f75c/filippo.jpg&quot;],&quot;location&quot;:[0,null],&quot;website&quot;:[0,null],&quot;twitter&quot;:[0,&quot;@filosottile&quot;],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;TLS 1.3 explained by the Cloudflare Crypto Team at 33c3 Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for 
Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/tls-1-3-explained-by-the-cloudflare-crypto-team-at-33c3&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],[0,{&quot;id&quot;:[0,&quot;1J6z7Vg0DdDXcGHtmBJuNz&quot;],&quot;title&quot;:[0,&quot;Introducing TLS 1.3&quot;],&quot;slug&quot;:[0,&quot;introducing-tls-1-3&quot;],&quot;excerpt&quot;:[0,&quot;The encrypted Internet is about to become a whole lot snappier. When it comes to browsing, we’ve been driving around in a beat-up car from the 90s for a while. Little does anyone know, we’re all about to trade in our station wagons for a smoking new sports car. 
&quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;&lt;p&gt;&lt;b&gt;&lt;i&gt;CloudFlare is turbocharging the encrypted internet&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;&lt;p&gt;The encrypted Internet is about to become a whole lot snappier. When it comes to browsing, we’ve been driving around in a beat-up car from the 90s for a while. Little does anyone know, we’re all about to trade in our station wagons for a smoking new sports car. The reason for this speed boost is TLS 1.3, a new encryption protocol that improves both speed and security for Internet users everywhere. As of today, TLS 1.3 is available to all CloudFlare customers.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;the-encrypted-internet\&quot;&gt;The Encrypted Internet&lt;/h3&gt;\n &lt;a href=\&quot;#the-encrypted-internet\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Many of the major web properties you visit are encrypted, which is indicated by the padlock icon and the presence of “https” instead of “http” in the address bar. The “s” stands for secure. 
When you connect to an HTTPS site, the communication between you and the website is encrypted, which makes browsing the web dramatically more secure, protecting your communication from prying eyes and the &lt;a href=\&quot;/an-introduction-to-javascript-based-ddos/\&quot;&gt;injection of malicious code&lt;/a&gt;. HTTPS is not only used by websites, it also secures the majority of APIs and mobile application backends.&lt;/p&gt;&lt;p&gt;The underlying technology that enables secure communication on the Internet is a protocol called Transport Layer Security (TLS). TLS is an evolution of Secure Sockets Layer (SSL), a protocol developed by Netscape in the 1990s. The Internet Engineering Task Force (IETF), a standards body, has been in charge of defining the protocol, which has gone through several iterations. The last version, TLS 1.2, was standardized in 2008 and is currently supported by the majority of browsers and HTTPS-enabled web services.&lt;/p&gt;&lt;p&gt;TLS 1.2 can be secure when configured correctly, but its age has begun to show. In the last few years, several high-profile attacks have been published that revealed flaws in the protocol. 
Eight years is a long time in computer security, so the IETF have been working on a new version of the protocol, TLS 1.3, which should be finalized by the end of 2016.&lt;/p&gt;&lt;p&gt;TLS 1.3 is a major overhaul and has two main advantages over previous versions:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Enhanced security&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Improved speed&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;enhanced-security\&quot;&gt;Enhanced Security&lt;/h3&gt;\n &lt;a href=\&quot;#enhanced-security\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Most of the attacks on TLS from the last few years targeted vestigial pieces of the protocol left around from the 90s. TLS 1.2 is highly configurable, and vulnerable sites simply failed to disable the older features in hopes of being compatible with old browsers.&lt;/p&gt;&lt;p&gt;TLS 1.3 embraces the “less is more” philosophy, removing support for older broken forms of cryptography. That means you can’t turn on the potentially vulnerable stuff, even if you try. The list of TLS 1.2 features that have been removed is extensive, and most of the exiled features have been associated with high profile attacks. 
These include:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;RSA key transport — &lt;a href=\&quot;/staying-on-top-of-tls-attacks/\&quot;&gt;Doesn’t provide forward secrecy&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;CBC mode ciphers — Responsible for &lt;a href=\&quot;/taming-beast-better-ssl-now-available-across/\&quot;&gt;BEAST&lt;/a&gt;, and &lt;a href=\&quot;https://en.wikipedia.org/wiki/Lucky_Thirteen_attack\&quot;&gt;Lucky 13&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;RC4 stream cipher — &lt;a href=\&quot;/killing-rc4-the-long-goodbye/\&quot;&gt;Not secure for use in HTTPS&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;SHA-1 hash function — &lt;a href=\&quot;/why-its-harder-to-forge-a-sha-1-certificate-than-it-is-to-find-a-sha-1-collision/\&quot;&gt;Deprecated in favor of SHA-2&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Arbitrary Diffie-Hellman groups — &lt;a href=\&quot;http://blog.intothesymmetry.com/2016/01/openssl-key-recovery-attack-on-dh-small.html\&quot;&gt;CVE-2016-0701&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Export ciphers — Responsible for &lt;a href=\&quot;https://freakattack.com/\&quot;&gt;FREAK&lt;/a&gt; and &lt;a href=\&quot;/logjam-the-latest-tls-vulnerability-explained/\&quot;&gt;LogJam&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/49hiXpSgZTn0owXevua6P6/00129c545ce0979a6bab5b34a8da5d32/image02.jpg\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;640\&quot; height=\&quot;427\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;CC 2.0 Generic &lt;a href=\&quot;https://www.flickr.com/photos/aquamech-utah/24445365953\&quot;&gt;Aqua Mechanical&lt;/a&gt;&lt;/p&gt;&lt;p&gt;TLS 1.3 removes the “bad crypto smell” of these legacy features, making it less likely that attacks on previous versions of the protocol will affect TLS 1.3. 
This streamlining also makes TLS 1.3 much simpler to configure for server operators. A secondary side effect of the update is that the protocol can be made much faster, resulting in a better web browsing experience.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;improved-speed\&quot;&gt;Improved Speed&lt;/h3&gt;\n &lt;a href=\&quot;#improved-speed\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Fast page load times are critical to the success of web services. Amazon famously &lt;a href=\&quot;https://www.gigaspaces.com/blog/amazon-found-every-100ms-of-latency-cost-them-1-in-sales/\&quot;&gt;found that every additional 100ms of page load time decreases sales by 1%&lt;/a&gt;. A major component of page load time is latency: the time it takes to send data between the browser and the web server.&lt;/p&gt;&lt;p&gt;The impact of latency is especially noticeable for: a) users on mobile devices, and b) users that are geographically far away from the server.&lt;/p&gt;&lt;p&gt;A message from Sydney to New York and back can take over 200ms, enough for &lt;a href=\&quot;https://hpbn.co/primer-on-web-performance/#speed-performance-and-human-perception\&quot;&gt;humans to notice&lt;/a&gt;. Mobile browsing can also increase latency for a connection. 
Sending a message over a modern 4G mobile network routinely adds over 100ms of latency to requests. 3G networks, which are still common in Europe, &lt;a href=\&quot;https://opensignal.com/blog/2014/03/10/lte-latency-how-does-it-compare-to-other-technologies/\&quot;&gt;add over 200ms of additional latency&lt;/a&gt;. Even home WiFi connections and ISPs add dozens of milliseconds to requests. This additional latency can make mobile browsing feel slow. Unfortunately, encryption can make these slow connections seem slower. TLS 1.3 helps improve this situation.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2vhUThCtQG95GVCJoweEzN/351c7a3163f0404416606e98d24e6301/handshake-1443446541etN.jpg\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1920\&quot; height=\&quot;755\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;To send a message to an encrypted site, you must first establish shared cryptographic keys. This process is called a cryptographic handshake. It requires special messages to be sent back and forth between the browser and the website. The TLS handshake happens behind the scenes whenever you connect to an encrypted site with your browser.&lt;/p&gt;&lt;p&gt;With TLS 1.2, two &lt;a href=\&quot;https://www.cloudflare.com/learning/cdn/glossary/round-trip-time-rtt/\&quot;&gt;round-trips&lt;/a&gt; are needed to complete the handshake before the request can be sent. Accessing a site over a mobile network can add more than half a second to its load time. With TLS 1.3, the initial handshake is cut in half, requiring only one round-trip. 
That’s like going from a fast station wagon (0-60mph in 10 seconds) to a Tesla Model S (5 seconds).&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/9Dw3e5yPlJrQ54CaR7UE1/842b2e25dee71ce2d6fd49eac1fc7e59/image01.jpg\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1999\&quot; height=\&quot;1076\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;If the round-trip time for a connection is around 100ms, the speed boost from TLS 1.3 is enough to take sites that seem &lt;a href=\&quot;https://hpbn.co/primer-on-latency-and-bandwidth/#speed-of-light-and-propagation-latency\&quot;&gt;“sluggish”&lt;/a&gt; (over 300ms), and turn them into sites that load comfortably fast (under 300ms).&lt;/p&gt;&lt;p&gt;The more efficient handshake is only possible because some of the legacy features present in TLS 1.2 were removed from the protocol. TLS 1.3 also has the additional advantage that for sites you’ve visited recently, you can send data on the first message to the server. This is called “zero round trip” mode (0-RTT) and will result in even faster load times. 
CloudFlare is planning to support TLS 1.3 0-RTT in the coming weeks.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;live-for-all\&quot;&gt;Live for all&lt;/h3&gt;\n &lt;a href=\&quot;#live-for-all\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;TLS 1.3 is huge step forward for web security and performance. It’s available to all CloudFlare customers, and enabled by default for all Free and Pro customers. You will find the toggle to enable/disable TLS 1.3 in the Crypto tab of the CloudFlare dashboard.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2gBklXLwNX8MsBrkyjoqup/96d12ceb76d73c581d91f75453f20d29/image00.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;1922\&quot; height=\&quot;320\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;The TLS 1.3 specification is still being polished, but the IETF is very close to settling on a final version of the protocol. 
Major browser vendors Firefox and Chrome have implemented preliminary versions of TLS 1.3 in their developer releases (&lt;a href=\&quot;https://nightly.mozilla.org/\&quot;&gt;Firefox Nightly&lt;/a&gt; and &lt;a href=\&quot;https://www.google.com/chrome/browser/canary.html\&quot;&gt;Chrome Canary&lt;/a&gt;), and we’re updating our implementation to match the current version in these browsers until the specification is final. Expect a faster, safer web browsing experience as more browsers enable TLS 1.3 by default in the coming months.&lt;/p&gt;&lt;hr/&gt;&lt;p&gt;&lt;b&gt;How to enable TLS 1.3 in your browser&lt;/b&gt;&lt;/p&gt;&lt;p&gt;Firefox Nightly&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Install and run Firefox nightly: &lt;a href=\&quot;https://nightly.mozilla.org/\&quot;&gt;https://nightly.mozilla.org/&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Enter &amp;quot;about:config&amp;quot; in the address bar&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Set security.tls.version.max from 3 to 4&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Restart the browser&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Chrome Canary&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Install and run Chrome Canary: &lt;a href=\&quot;https://www.google.com/chrome/browser/canary.html\&quot;&gt;https://www.google.com/chrome/browser/canary.html&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Enter &amp;quot;chrome://flags/&amp;quot; in the address bar&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Go to &amp;quot;Maximum TLS version enabled.&amp;quot; and select &amp;quot;TLS 1.3&amp;quot;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Restart the 
browser&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&quot;],&quot;published_at&quot;:[0,&quot;2016-09-20T14:04:52.000+01:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:41:33.488Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5NkV2keoVVLzTUxmoFl6NS/23c9b2b9c3517ba25d32335625ff9711/introducing-tls-1-3.jpg&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;14zCAfc7F9ROKtNbSxs2Pe&quot;],&quot;name&quot;:[0,&quot;TLS 1.3&quot;],&quot;slug&quot;:[0,&quot;tls-1-3&quot;]}],[0,{&quot;id&quot;:[0,&quot;56vA0Z6hqev6QaJBQmO2J8&quot;],&quot;name&quot;:[0,&quot;TLS&quot;],&quot;slug&quot;:[0,&quot;tls&quot;]}],[0,{&quot;id&quot;:[0,&quot;5US4l4wdDysuDpZ4ktL3yP&quot;],&quot;name&quot;:[0,&quot;HTTPS&quot;],&quot;slug&quot;:[0,&quot;https&quot;]}],[0,{&quot;id&quot;:[0,&quot;6FnsX11DsaqBlZLx6DA0oP&quot;],&quot;name&quot;:[0,&quot;RSA&quot;],&quot;slug&quot;:[0,&quot;rsa&quot;]}],[0,{&quot;id&quot;:[0,&quot;6QktrXeEFcl4e2dZUTZVGl&quot;],&quot;name&quot;:[0,&quot;Product News&quot;],&quot;slug&quot;:[0,&quot;product-news&quot;]}],[0,{&quot;id&quot;:[0,&quot;6Mp7ouACN2rT3YjL1xaXJx&quot;],&quot;name&quot;:[0,&quot;Security&quot;],&quot;slug&quot;:[0,&quot;security&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;5grQBv96AL5Ck0c8I54a0f&quot;],&quot;name&quot;:[0,&quot;Crypto Week&quot;],&quot;slug&quot;:[0,&quot;crypto-week&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Nick Sullivan&quot;],&quot;slug&quot;:[0,&quot;nick-sullivan&quot;],&quot;bio&quot;:[0,&quot;Nick Sullivan was Head of Research (&amp; Cryptography) at Cloudflare until 2023. 
He is passionate about improving security and privacy through cutting-edge research and the development of open standards.&quot;],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1awsFzXodRY6h5BEcWKcCE/790c21d068aea9d2fd26497f095abdc5/nick-sullivan.jpg&quot;],&quot;location&quot;:[0,&quot;San Francisco&quot;],&quot;website&quot;:[0,&quot;https://crypto.dance&quot;],&quot;twitter&quot;:[0,&quot;@grittygrease&quot;],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;Introducing TLS 1.3 Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for 
Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/introducing-tls-1-3&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],[0,{&quot;id&quot;:[0,&quot;6K4djwcZ8vGemZD7mCtRDG&quot;],&quot;title&quot;:[0,&quot;It takes two to ChaCha (Poly)&quot;],&quot;slug&quot;:[0,&quot;it-takes-two-to-chacha-poly&quot;],&quot;excerpt&quot;:[0,&quot;Not long ago we introduced support for TLS cipher suites based on the ChaCha20-Poly1305 AEAD, for all our customers. Back then those cipher suites were only supported by the Chrome browser and Google&#39;s websites, but were in the process of standardization. &quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;&lt;p&gt;Not long ago we introduced support for TLS cipher suites based on the &lt;a href=\&quot;/do-the-chacha-better-mobile-performance-with-cryptography\&quot;&gt;ChaCha20-Poly1305 AEAD&lt;/a&gt;, for all our customers. Back then those cipher suites were only supported by the Chrome browser and Google&amp;#39;s websites, but were in the process of standardization. 
We introduced these cipher suites to give end users on mobile devices the best possible performance and security.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/76JfUTKzzJ1Ekd3YCMKaoq/9105193b000f8311ecc51c0e4ce14629/2821666673_99ffefc4fa_z.jpg\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;640\&quot; height=\&quot;428\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;&lt;a href=\&quot;https://creativecommons.org/licenses/by-nd/2.0/\&quot;&gt;CC BY-ND 2.0&lt;/a&gt; &lt;a href=\&quot;https://www.flickr.com/photos/edwinylee/2821666673/in/photolist-5ikMcp-bAg3F4-e6jkMk-e6jkZp-6P2N19-jwGM2U-9kgP2-5Uxu5g-uktqX-jr1RU-77dm17-VCRrX-7SuN38-7k7tua-5YMmzn-6YgumF-59e8A2-9rVhgZ-8CJxKR-aLEEYi-5hpUs3-5kCBuv-5UNsd4-DneuNV-8CJsXa-8CJrir-Cx78Fi-DsbZ29-Cx8w9x-8CMz3w-D3oryJ-aLEBzX-4cta2C-8CMADj-9rVgpc-5kCBy8-9rVeBP-8CJxwv-8CJyRr-8CJxVH-8CJxhi-8CJrtr-8CMy1o-8CMBgY-8CJuu4-8CJv4t-Cx74wB-8CMzFq-8CJts6-rpdreQ\&quot;&gt;image&lt;/a&gt; by &lt;a href=\&quot;https://www.flickr.com/photos/edwinylee/\&quot;&gt;Edwin Lee&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Today the standardization process is all but complete and implementations of the most recent specification of the cipher suites have begun to surface. Firefox and OpenSSL have both implemented the new cipher suites for upcoming versions, and Chrome updated its implementation as well.&lt;/p&gt;&lt;p&gt;We, as pioneers of ChaCha20-Poly1305 adoption on the web, also updated our &lt;a href=\&quot;https://github.com/cloudflare/sslconfig\&quot;&gt;open sourced patch for OpenSSL&lt;/a&gt;. 
It implements both the older &amp;quot;draft&amp;quot; version, to keep supporting millions of users of the existing versions of Chrome, and the newer &amp;quot;RFC&amp;quot; version that supports the upcoming browsers from day one.&lt;/p&gt;&lt;p&gt;In this blog entry I review the history of ChaCha20-Poly1305, its standardization process, as well as its importance for the future of the web. I will also take a peek at its performance, compared to the other standard AEAD.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;what-is-an-aead\&quot;&gt;What is an AEAD?&lt;/h3&gt;\n &lt;a href=\&quot;#what-is-an-aead\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;ChaCha20-Poly1305 is an AEAD, Authenticated Encryption with Additional Data cipher. AEADs support two operations: &amp;quot;seal&amp;quot; and &amp;quot;open&amp;quot;. 
Another common AEAD in use for TLS connections is AES-GCM.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/LhV85lpve8IUcgsPIy7pJ/8eee50347c1e4dfb6c1faec4f59749df/5739303393_511a9264b9_z.jpg\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;640\&quot; height=\&quot;480\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;&lt;a href=\&quot;https://creativecommons.org/licenses/by/2.0/\&quot;&gt;CC BY 2.0&lt;/a&gt; &lt;a href=\&quot;https://www.flickr.com/photos/adactio/5739303393/in/photolist-9KaqWM-7oFA8P-DVB5q9-6rPWNc-7dr2Q6-6rU8bG-73MpAa-ahpmBH-57Aa9w-6rUazb-dUKpD3-8JDz4J-ahs6pC-VBS4Z-qeqvFj-aKMJfk-khMnPh-okCvp5-aXWudP-op4rz1-khKCV2-gKDihZ-8pfaXg-7xs15k-nWn1nW-dVvLrD-kaioud-qCMd9L-5EmRR4-khJYvt-qU1p3X-awaTdB-o6zhX1-peqrqu-e6nWX5-9mSGEZ-cFuzqG-aBBYgA-dfGdDQ-awdzjY-7vfyGt-dVQQYp-5g67ag-95QKtU-fBcZu1-gvFgpu-482uHD-hNJ7Kv-7vjnzL-7iKj4g\&quot;&gt;image&lt;/a&gt; by &lt;a href=\&quot;https://www.flickr.com/photos/adactio/\&quot;&gt;Jeremy Keith&lt;/a&gt;&lt;/p&gt;&lt;p&gt;The &amp;quot;seal&amp;quot; operation receives the following as input:&lt;/p&gt;&lt;ol&gt;&lt;li&gt;&lt;p&gt;The message to be encrypted - this is the plaintext.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;A secret key.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;A unique initialization value - aka the IV. It must be unique between invocations of the &amp;quot;seal&amp;quot; operation with the same key, otherwise the secrecy of the cipher is completely compromised.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Optionally some other, non-secret, additional data. This data will not be encrypted, but will be authenticated - this is the AD in AEAD.&lt;/p&gt;&lt;/li&gt;&lt;/ol&gt;&lt;p&gt;The &amp;quot;seal&amp;quot; operation uses the key and the IV to encrypt the plaintext into a ciphertext of equal length, using the underlying cipher. 
For ChaCha20-Poly1305 the cipher is ChaCha20 and for AES-GCM (the other AEAD in common use) the cipher is AES in CounTeR mode (AES-CTR).&lt;/p&gt;&lt;p&gt;After the data is encrypted, &amp;quot;seal&amp;quot; uses the key (and optionally the IV) to generate a secondary key. The secondary key is used to generate a keyed hash of the AD, the ciphertext and the individual lengths of each. The hash used in ChaCha20-Poly1305, is Poly1305 and in AES-GCM the hash is GHASH.&lt;/p&gt;&lt;p&gt;The final step is to take the hash value and encrypt it too, generating the final MAC (Message Authentication Code) and appending it to the ciphertext.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2BR7qw6OQK1fvPlEhEN6G6/547d24463da25fadc7885b8c6fddde69/5730883_872a32b09d_z.jpg\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;640\&quot; height=\&quot;426\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;&lt;a href=\&quot;https://creativecommons.org/licenses/by-sa/2.0/\&quot;&gt;CC BY-SA 2.0&lt;/a&gt; &lt;a href=\&quot;https://www.flickr.com/photos/genista/5730883/in/photolist-vnAk-nbwijY-oqvP2U-djVTUr-4HRo5J-7vyDSj-4ruBSh-4GViwx-upr6h-dTawSs-boDYGK-F3UhJ-nr9o9-8S78ic-9znk6k-5ByUdb-5FwdxE-4zvHb3-rcCeg9-363XxR-6c2mhp-2WP2cp-2WTsWS-2WTuSq-mXTrWc-2WTtid-qMsATA-xj9C8-e1wsgc-euuypv-atjkJQ-Ldsdy-73xJpA-uj5nP-964Fgq-4aFbEx-7zS5wE-7EXkPD-5m2URM-bwMFxR-4tR3xD-9eXn1R-5TeoZP-6oZYqj-8ugZ6e-5m2Xmt-4BuPz9-8Tv15P-4tV4Nj-Gj3Xz\&quot;&gt;image&lt;/a&gt; by &lt;a href=\&quot;https://www.flickr.com/photos/genista\&quot;&gt;Kai Schreiber&lt;/a&gt;&lt;/p&gt;&lt;p&gt;The &amp;quot;open&amp;quot; operation is the reverse of &amp;quot;seal&amp;quot;. It takes the same key and IV and generates the MAC of the ciphertext and the AD, similarly to the way &amp;quot;seal&amp;quot; did. It then reads the MAC appended after the ciphertext, and compares the two. 
Any difference in the MAC values would mean the ciphertext or the AD was tampered with, and they should be discarded as unsafe. If the two match, however, the operation decrypts the ciphertext, returning the original plaintext.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;what-makes-aeads-special\&quot;&gt;What makes AEADs special?&lt;/h3&gt;\n &lt;a href=\&quot;#what-makes-aeads-special\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;AEADs are special in the sense that they combine two algorithms - cipher and MAC, into a single primitive, with provable security guarantees. Before AEADs, it was acceptable to take some cipher and some MAC, which were considered secure independently, and combine them into an insecure combination. 
For example some combinations were broken by reusing the same keys for encryption and MAC (AES-CBC with CBC-MAC), while others by performing MAC over plaintext instead of the ciphertext &lt;a href=\&quot;/padding-oracles-and-the-decline-of-cbc-mode-ciphersuites/\&quot;&gt;AES-CBC with HMAC in TLS&lt;/a&gt;.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;the-new-kid-in-the-block\&quot;&gt;The new kid in the block&lt;/h3&gt;\n &lt;a href=\&quot;#the-new-kid-in-the-block\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Up until recently the only standard AEAD used was AES-GCM. The problem with that, is that if someone breaks the GCM mode, we are left with no alternative - you wouldn&amp;#39;t want to jump out of a plane without a backup parachute, would you? 
ChaCha20-Poly1305 is this backup.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/55zEvzS1lYE9ktrdEuEosi/47cac47d4446d20894e485e6fe408838/3636735800_8670fbf207_z.jpg\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;640\&quot; height=\&quot;480\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;&lt;a href=\&quot;https://creativecommons.org/licenses/by/2.0/\&quot;&gt;CC BY 2.0&lt;/a&gt; &lt;a href=\&quot;https://www.flickr.com/photos/linasmith/3636735800/in/photolist-6xndRo-6xgauc-4bxmdZ-4P1iZd-5vfNfG-5vfNMy-5rTQCD-4NVQHp-6ct79D-4P1qUy-6cMX5f-4NVRfT-4NWbtP-6cH2JT-5vfQM7-4P15W7-4NVR7z-4NVQUK-6cMgD9-4P1jQw-6cH1Rp-4NVYLa-6cMdWY-4NVQCR-4P1633-4P1vM7-4P1qY1-5vfPuA-5vbu8R-4NWteT-4NWkXt-4P1jD9-4NWbp4-4NVT4n-6cMvnB-cV4Qz7-4NW4At-6cRDd3-4NW5BR-4NW4Ke-4P16td-fnssrZ-4NW5G4-4P1kcN-4P1jGs-4P1wjG-4P1AqE-4NVTRZ-4P1jzu-4NWgBB\&quot;&gt;image&lt;/a&gt; by &lt;a href=\&quot;https://www.flickr.com/photos/linasmith\&quot;&gt;lina smith&lt;/a&gt;&lt;/p&gt;&lt;p&gt;We can&amp;#39;t really call either ChaCha20 or Poly1305 really new. Both are the brain children of Daniel J. Bernstein (DJB). ChaCha20 is based upon an earlier cipher developed by DJB called Salsa, that dates back to 2005, and was submitted to the eSTREAM competition. ChaCha20 itself was published in 2008. It slightly modifies the Salsa round, and the number 20 indicates that it repeats for 20 rounds in total. Similar to AES-CTR, ChaCha20 is a stream cipher. It generates a pseudo-random stream of bits from an incremented counter, the stream is then &amp;quot;XORed&amp;quot; with plaintext to encrypt it (or &amp;quot;XORed&amp;quot; with ciphertext to decrypt). Because you do not need to know the plaintext in advance to generate the stream, this approach allows both to be very efficient and parallelizable. ChaCha20 is a 256-bit cipher.&lt;/p&gt;&lt;p&gt;Poly1305 was published in 2004. 
Poly1305 is a MAC, and can be used with any encrypted or unencrypted message, to generate a keyed authentication token. The purpose of such tokens is to guarantee the integrity of a given message. Originally Poly1305 used AES as the underlying cipher (Poly1305-AES); now it uses ChaCha20. Again, similarly to GHASH, it is a polynomial evaluation hash. Unlike GHASH, its key changes for each new message, because it depends on the IV. When DJB developed this MAC, he made it especially suited for efficient execution on the floating point hardware present on the CPUs back then. Today it is much more efficient to execute using 64-bit integer instructions, and might have been designed slightly differently.&lt;/p&gt;&lt;p&gt;Both have received considerable scrutiny from the crypto community in the years since, and today are considered completely safe, albeit there is a concern about the &lt;a href=\&quot;http://www.metzdowd.com/pipermail/cryptography/2016-March/028824.html\&quot;&gt;monoculture&lt;/a&gt; that forms when one person is responsible for so many standards in the industry (DJB is also responsible for Curve25519 key exchange).&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;from-zero-to-hero\&quot;&gt;From zero to hero&lt;/h3&gt;\n &lt;a href=\&quot;#from-zero-to-hero\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 
1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The body that governs internet standards is the IETF - Internet Engineering Task Force. All the standards we use on the internet, including TLS, come from that organization. All standards that relate to encryption come from the TLS and CFRG workgroups of IETF. The standardization process is open to all, and the correspondence that relates to it is kept public in a special &lt;a href=\&quot;https://mailarchive.ietf.org/arch/\&quot;&gt;archive&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;The first mention for ChaCha20-Poly1305 I found in the archive dates to &lt;a href=\&quot;https://www.ietf.org/mail-archive/web/tls/current/msg09707.html\&quot;&gt;30 July 2013&lt;/a&gt;. It is still referred to as Salsa back then.&lt;/p&gt;&lt;p&gt;After some time and debate an &lt;a href=\&quot;https://datatracker.ietf.org/doc/draft-agl-tls-chacha20poly1305/\&quot;&gt;initial draft&lt;/a&gt; was published by Adam Langley from Google in September 2013. The latest draft of the ChaCha20-Poly1305 for TLS including all the previous revisions can be found &lt;a href=\&quot;https://datatracker.ietf.org/doc/draft-ietf-tls-chacha20-poly1305/\&quot;&gt;here&lt;/a&gt;. It is interesting to see the incremental process, and the gradual refinement. For example initially ChaCha20 was also supposed to work with HMAC-SHA1.&lt;/p&gt;&lt;p&gt;Another standard that defines the general usage of ChaCha20-Poly1305 is &lt;a href=\&quot;https://datatracker.ietf.org/doc/rfc7539/\&quot;&gt;RFC7539&lt;/a&gt;. 
First published in January 2014, it was standardized in May 2015.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;differences\&quot;&gt;Differences&lt;/h3&gt;\n &lt;a href=\&quot;#differences\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;There are two key differences between the draft version we initially implemented and the current version of the cipher suites that make the two incompatible.&lt;/p&gt;&lt;p&gt;The first difference relates to how the cipher suite is used in TLS. The current version incorporates the TLS record sequence number into the IV generation, making it more resistant to dangerous IV reuse.&lt;/p&gt;&lt;p&gt;The second difference relates to how Poly1305 applies to the TLS record. Records are the equivalent of a TCP packet for TLS. When data is streamed over TLS, it is broken into many smaller records. Each record holds part of the data (encrypted), with the MAC calculated for that record. It also holds other information, such as the protocol version, record type and length. 
The maximum amount of data a single record can hold is 16KB.&lt;/p&gt;&lt;p&gt;The draft Poly1305 calculated the hash of the additional data, followed by the length of the additional data as an 8 byte string, followed by the ciphertext, followed by the length of the ciphertext as an 8 byte string. In the current iteration, the hash is generated over the additional data, padded with zeroes to 16 byte boundary, followed by ciphertext similarly padded with zeroes, followed by the length of the additional data as an 8 byte string, followed by the length of the ciphertext as an 8 byte string.&lt;/p&gt;&lt;p&gt;The older cipher suites can be identified by IDs {cc}{13}, {cc}{14} and {cc}{15}, while the newer cipher suites have IDs {cc}{a8} through {cc}{ae}.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;future-of-chacha20-poly1305\&quot;&gt;Future of ChaCha20-Poly1305&lt;/h3&gt;\n &lt;a href=\&quot;#future-of-chacha20-poly1305\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Today we already see that almost 20% of all the request to sites using CloudFlare use &lt;a href=\&quot;/padding-oracles-and-the-decline-of-cbc-mode-ciphersuites/\&quot;&gt;ChaCha20-Poly1305&lt;/a&gt;. And that is with only one browser supporting it. 
In the coming months Firefox will join the party, potentially increasing this number.&lt;/p&gt;&lt;p&gt;More importantly, the IETF is currently finalizing another very important standard, &lt;a href=\&quot;/going-to-ietf-95-join-the-tls-1-3-hackathon/\&quot;&gt;TLS 1.3&lt;/a&gt;. Right now it looks like TLS 1.3 will allow AEADs only, leaving AES-GCM and ChaCha20-Poly1305 as the only two options (for now). This would definitely bring the usage of ChaCha20-Poly1305 up significantly.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;can-you-handle-it\&quot;&gt;Can you handle it?&lt;/h3&gt;\n &lt;a href=\&quot;#can-you-handle-it\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Given the rising popularity of ChaCha20-Poly1305 suites, and TLS in general, it is important to have efficient implementations that does not hog too much of the servers&amp;#39; CPU time. ChaCha20-Poly1305 allows for highly efficient implementation using SIMD instructions. Most of our servers are based on Intel CPUs with 256-bit SIMD extensions called AVX2. We utilize those to get the maximal performance.&lt;/p&gt;&lt;p&gt;The main competition for ChaCha20-Poly1305 are the AES-GCM based cipher suites. 
The most widely used AES-GCM uses AES with a 128-bit key; however, in terms of security AES-256 is more comparable to ChaCha20.&lt;/p&gt;&lt;p&gt;Usually cipher performance numbers are reported for large messages, to show asymptotic performance, but on our network we started using &lt;a href=\&quot;https://istlsfastyet.com/\&quot;&gt;dynamic record sizing&lt;/a&gt;. In practice it means many connections will never reach the maximal size of a TLS record (16KB), but instead will use significantly smaller records (below 1400 bytes). The records dynamically grow as the connection progresses, scaling to about 4KB and eventually to 16KB. Most messages will also not fit precisely into a record, and all sizes are possible.&lt;/p&gt;&lt;p&gt;Below are two graphs, comparing the performance of our ChaCha20-Poly1305 to the implementation in OpenSSL 1.1.0 pre, and to AES-GCM. The performance is reported in CPU cycles per byte, for a plaintext of given length, when performing the &amp;quot;seal&amp;quot; operation on a given plaintext with 13 bytes of AD, similarly to TLS. The first graph covers sizes 64-1536, while the second covers the remaining sizes to 16KB.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4aCgzCF31FBk2y2x6JALC6/2bcdb455449826306a0ac7997a7947ac/image01.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;754\&quot; height=\&quot;327\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;CPU cycles per byte (Y-axis) vs. 
record size in bytes (X-axis)&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/67MyIu3q0slgs053DHqy6L/c3bca79b186604388233fe17fbe435d3/image00.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;754\&quot; height=\&quot;327\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;CPU cycles per byte (Y-axis) vs. record size in bytes (X-axis)&lt;/p&gt;&lt;p&gt;We can see that our implementation significantly outperforms OpenSSL for short records, and is slightly faster for longer records. The average performance advantage is 7%. AES-128-GCM and AES-256-GCM both still beat ChaCha20-Poly1305 in pure performance for records larger than 320 bytes, but getting below 2 cycles/byte is a major performance achievement. Not many modes can beat this performance. It is also important to note that AES-GCM uses two dedicated CPU instructions (AESENC and CLMULQDQ), whereas both ChaCha and Poly only use the generic SIMD instructions.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;performance-outlook\&quot;&gt;Performance outlook&lt;/h3&gt;\n &lt;a href=\&quot;#performance-outlook\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n 
&lt;/div&gt;\n &lt;p&gt;The current performance is outstanding. We measured the performance on a Haswell CPU. Broadwell and Skylake CPUs actually perform AES-GCM faster, but we don&amp;#39;t use them in our servers yet.&lt;/p&gt;&lt;p&gt;In the future, processors with wider SIMD instructions are expected to bridge the performance gap. The AVX512 will provide instructions twice as wide, and potentially will improve the performance two fold as well, bringing it below 1 cycle/byte. Following AVX512, Intel is expected to release the AVX512IFMA extensions too, that will accelerate Poly1305 even &lt;a href=\&quot;https://rt.openssl.org/Ticket/Display.html?id=3615&amp;user=guest&amp;pass=guest\&quot;&gt;further&lt;/a&gt;.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;conclusion\&quot;&gt;Conclusion&lt;/h3&gt;\n &lt;a href=\&quot;#conclusion\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;CloudFlare is constantly pushing the envelope in terms of TLS performance and availability of the most secure cipher suites and modes. 
We are actively involved in the development and specification of TLS 1.3 and are committed to open source by releasing our performance patches.&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2016-04-04T12:50:49.000+01:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:41:15.207Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7BCwdUMZxJWdObDFPchekO/3184999e74d2a75d07003d6157cd31b7/it-takes-two-to-chacha-poly.jpg&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;56vA0Z6hqev6QaJBQmO2J8&quot;],&quot;name&quot;:[0,&quot;TLS&quot;],&quot;slug&quot;:[0,&quot;tls&quot;]}],[0,{&quot;id&quot;:[0,&quot;48r7QV00gLMWOIcM1CSDRy&quot;],&quot;name&quot;:[0,&quot;Speed &amp; Reliability&quot;],&quot;slug&quot;:[0,&quot;speed-and-reliability&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;6Mp7ouACN2rT3YjL1xaXJx&quot;],&quot;name&quot;:[0,&quot;Security&quot;],&quot;slug&quot;:[0,&quot;security&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Vlad Krasnov&quot;],&quot;slug&quot;:[0,&quot;vlad-krasnov&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4aDp3XtkBoeuPj5b9e5oRE/084f9a39036700298e0a62b5e8c2aa3c/vlad-krasnov.jpg&quot;],&quot;location&quot;:[0,null],&quot;website&quot;:[0,null],&quot;twitter&quot;:[0,null],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;It takes two to ChaCha (Poly) Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for 
Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/it-takes-two-to-chacha-poly&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],[0,{&quot;id&quot;:[0,&quot;7ui5caRWJVeEoaAtbodxbZ&quot;],&quot;title&quot;:[0,&quot;CloudFlare and SHA-1 Certificates&quot;],&quot;slug&quot;:[0,&quot;cloudflare-and-sha-1-certificates&quot;],&quot;excerpt&quot;:[0,&quot;At CloudFlare, we’re dedicated to ensuring sites are not only secure, but also available to the widest audience. 
In the coming months, both Google’s Chrome browser and Mozilla’s Firefox browser are changing their policy with respect to certain web site certificates.&quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1KyxTyEipBXAiGVvzAZQRq/7556977a9325591dd6b4877badecb7ea/ff-chrome.jpg\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;391\&quot; height=\&quot;380\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;At CloudFlare, we’re dedicated to ensuring sites are not only secure, but also available to the widest audience. In the coming months, both Google’s Chrome browser and Mozilla’s Firefox browser are changing their policy with respect to certain web site certificates. We are aware of these changes, and we have modified our SSL offerings to ensure customer sites continue to be secure and available to all visitors.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;chrome-and-firefox-and-sha-1\&quot;&gt;Chrome (and Firefox) and SHA-1&lt;/h3&gt;\n &lt;a href=\&quot;#chrome-and-firefox-and-sha-1\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Google will be 
making changes to its Chrome browser in upcoming versions to change the way they treat certain web site certificates based on their digital signature. These changes affect &lt;a href=\&quot;https://blog.digicert.com/ending-trust-sha-1/\&quot;&gt;over 80% of websites&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;As described in our blog post on &lt;a href=\&quot;/introducing-cfssl/\&quot;&gt;CFSSL&lt;/a&gt;, web site certificates are organized using a chain of trust. &lt;a href=\&quot;http://en.wikipedia.org/wiki/Digital_signature\&quot;&gt;Digital signatures&lt;/a&gt; are the glue that connects the certificates in the chain. Each certificate is digitally signed by its issuer using a digital signature algorithm defined by the type of key and a cryptographic hash function (such as MD5, SHA-1, SHA-256).&lt;/p&gt;&lt;p&gt;Starting in Chrome 39 (to be released this month, November 2014), certificates signed with a SHA-1 signature algorithm will be considered less trusted than those signed with a more modern SHA-2 algorithm. This change will be reflected in the UI presented to web visitors.&lt;/p&gt;&lt;p&gt;By Chrome 41 (early 2015), any web site with a certificate that expires in 2016 or later will be shown as untrusted if either:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;The certificate is signed with a SHA-1 algorithm&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;One of the certificates in its trust chain is signed with a SHA-1 algorithm (roots are exceptions)&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;This post on the &lt;a href=\&quot;http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html\&quot;&gt;Chromium Blog&lt;/a&gt; outlines the schedule of the rollout.&lt;/p&gt;&lt;p&gt;Web sites that want to remain trusted by Google Chrome need to either have a SHA-2 certificate or a SHA-1 certificate that expires before 2016. 
Otherwise, their site will appear to Chrome users with a warning like this:&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/572j0r9H5JhhGETwfcjXnj/8a1a291f65595f7cb046a4ede8610ec6/ChromeUI.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;272\&quot; height=\&quot;72\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;Mozilla is also implementing a &lt;a href=\&quot;https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/\&quot;&gt;similar change in their Firefox browser&lt;/a&gt; in early 2015, marking SHA-1 certificates as untrusted if they expire in 2016 or later.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;compatibility-first\&quot;&gt;Compatibility First&lt;/h3&gt;\n &lt;a href=\&quot;#compatibility-first\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Chrome’s decision puts many website owners in a bind. Sites either have to re-issue their SHA-1 certificates with a shorter expiration period, or upgrade to SHA-2. The problem with upgrading is that not all web browsers support SHA-2 certificates. 
Notably, Windows XP SP2 does not support SHA-2 based certificates. Windows XP is still a popular operating system despite the fact that &lt;a href=\&quot;http://www.microsoft.com/en-us/windows/enterprise/end-of-support.aspx\&quot;&gt;Microsoft no longer supports it&lt;/a&gt;. It is &lt;a href=\&quot;http://www.computerworld.com/article/2484761/microsoft-windows/china-has-a-massive-windows-xp-problem.html\&quot;&gt;especially popular in China&lt;/a&gt;, the &lt;a href=\&quot;http://www.pewresearch.org/fact-tank/2013/12/02/china-has-more-internet-users-than-any-other-country/\&quot;&gt;largest Internet market in the world&lt;/a&gt;. Sites that use a SHA-2 certificate are inaccessible to these web users over https.&lt;/p&gt;&lt;p&gt;GlobalSign has put together a &lt;a href=\&quot;https://support.globalsign.com/customer/portal/articles/1499561\&quot;&gt;comprehensive list of SHA-2 client support&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;Sites that have tried to upgrade to SHA-2 have seen a backlash due to browser incompatibility. In July, mozilla.org upgraded their site to use a SHA-2 certificate. In doing so they lost around &lt;a href=\&quot;https://bugzilla.mozilla.org/show_bug.cgi?id=1064387\&quot;&gt;145,000 Firefox downloads per week&lt;/a&gt; due to browser incompatibility. Even google.com (as of November 10, 2014) continues to use SHA-1 for compatibility reasons, despite the company’s push to deprecate SHA-1 in Chrome.&lt;/p&gt;&lt;p&gt;To support both Chrome and Windows XP SP2 it’s necessary to use a SHA-1 certificate that expires before 2016. 
This is the option we have chosen for CloudFlare-managed certificates.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;cloudflare-customers\&quot;&gt;CloudFlare Customers&lt;/h3&gt;\n &lt;a href=\&quot;#cloudflare-customers\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Last week, we reissued all certificates for paid CloudFlare customers. The new certificates are signed with the SHA-1 signature algorithm and expire before 2016. This way all customers sites will be viewable by visitors on Windows XP SP2 &lt;i&gt;and&lt;/i&gt; Chrome, just as they are today.&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;All paid customers now get a CloudFlare-managed SHA-1 certificate that expires in late 2015.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;All free customers are given certificates through CloudFlare’s Universal SSL. They are SHA-2 by default.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;For customers using CloudFlare’s certificates there is no action to be taken. 
Business and Enterprise customers with custom certificates who may be affected by the change have already been contacted with details and specific instructions.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;the-future-of-https-at-cloudflare\&quot;&gt;The Future of HTTPS at CloudFlare&lt;/h3&gt;\n &lt;a href=\&quot;#the-future-of-https-at-cloudflare\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;In 2015, we will roll out state-of-the-art SNI certificates to all paid customers and retain the SHA-1 certificates as a fallback. This means that any browser that supports the modern security features we &lt;a href=\&quot;/universal-ssl-how-it-scales/\&quot;&gt;introduced with Universal SSL&lt;/a&gt; (ECDSA, SHA-256 and SNI) will be presented with the modern certificate and old browsers (such as IE on Windows XP) will be presented with the current SHA-1 certificate. 
This ensures that all sites on the paid CloudFlare service are reachable by the largest audience possible, while providing state-of-the-art security for any browser that supports it.&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2014-11-10T23:28:32.000+00:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:40:25.130Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7IAxWxELNacj1A03s2j0Yg/9fdb36e3984ae2eea608c2054b43c368/cloudflare-and-sha-1-certificates.jpg&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;kn8Lmy4luvCeAabblVvHH&quot;],&quot;name&quot;:[0,&quot;Firefox&quot;],&quot;slug&quot;:[0,&quot;firefox&quot;]}],[0,{&quot;id&quot;:[0,&quot;5US4l4wdDysuDpZ4ktL3yP&quot;],&quot;name&quot;:[0,&quot;HTTPS&quot;],&quot;slug&quot;:[0,&quot;https&quot;]}],[0,{&quot;id&quot;:[0,&quot;6Mp7ouACN2rT3YjL1xaXJx&quot;],&quot;name&quot;:[0,&quot;Security&quot;],&quot;slug&quot;:[0,&quot;security&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Nick Sullivan&quot;],&quot;slug&quot;:[0,&quot;nick-sullivan&quot;],&quot;bio&quot;:[0,&quot;Nick Sullivan was Head of Research (&amp; Cryptography) at Cloudflare until 2023. 
He is passionate about improving security and privacy through cutting-edge research and the development of open standards.&quot;],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1awsFzXodRY6h5BEcWKcCE/790c21d068aea9d2fd26497f095abdc5/nick-sullivan.jpg&quot;],&quot;location&quot;:[0,&quot;San Francisco&quot;],&quot;website&quot;:[0,&quot;https://crypto.dance&quot;],&quot;twitter&quot;:[0,&quot;@grittygrease&quot;],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;CloudFlare and SHA-1 Certificates Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page 
for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/cloudflare-and-sha-1-certificates&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],[0,{&quot;id&quot;:[0,&quot;4DLn2kM9SaXhB138yI9EFd&quot;],&quot;title&quot;:[0,&quot;Using CloudFlare to mix domain sharding and SPDY&quot;],&quot;slug&quot;:[0,&quot;using-cloudflare-to-mix-domain-sharding-and-spdy&quot;],&quot;excerpt&quot;:[0,&quot;It’s common knowledge that domain sharding, where the resources in a web page are shared across different domains (or subdomains), is a good thing. &quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;&lt;p&gt;&lt;i&gt;Note: this post originally appeared as part of the &lt;/i&gt;&lt;a href=\&quot;http://calendar.perfplanet.com/2013/\&quot;&gt;&lt;i&gt;2013 PerfPlanet Calendar&lt;/i&gt;&lt;/a&gt;&lt;/p&gt;&lt;p&gt;It’s common knowledge that domain sharding, where the resources in a web page are shared across different domains (or subdomains), is a good thing. It’s a good thing because browsers limit the number of connections per domain: splitting a web page across domains means more connections and hence faster page downloads. Overall domain sharding results in a better end-user experience, and can be a useful way of sharing load across web servers.&lt;/p&gt;&lt;p&gt;But with the adoption of Google’s SPDY protocol the domain sharding situation is totally different. In fact, domain sharding can hurt performance when SPDY is in use and isn’t &lt;a href=\&quot;http://www.chromium.org/spdy/spdy-best-practices\&quot;&gt;recommended&lt;/a&gt;. 
To understand why, here’s the popular 4chan.org web site downloaded without SPDY but using SSL (it’s possible to do this comparison without SSL, but less interesting because the timings are very different).&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4ujkST6m884tzfzwb11KJx/1fb5571fe8c36739468aa4f3332374e3/jgc6.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;941\&quot; height=\&quot;426\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;You can see that there are three domains involved: &lt;a href=\&quot;http://www.4chan.org\&quot;&gt;www.4chan.org&lt;/a&gt; (from which the initial HTML is downloaded), s.4cdn.org and t.4cdn.org. 4chan is using two domains to shard resources like JavaScript, CSS and images. After the initial HTML is downloaded on line 1, the browser (I used IE 10 here) looks up the DNS entry for s.4cdn.org and t.4cdn.org and opens three connections to each (lines 2 to 7).&lt;/p&gt;&lt;p&gt;In the diagram above the orange represents the TCP connection, and the purple the SSL negotiation. After using those 6 connections to download a resource, the same connections are reused (classic HTTP/1.1 Keep-Alive behaviour) to get further resources. Finally, line 16, there’s a separate connection to send Google Analytics information.&lt;/p&gt;&lt;p&gt;Now take a look at the same site downloaded using SPDY/2 via Google Chrome.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6quofHrSSDVAzXegbsAY5a/97b9764e6e898b42e0e57eb112de849f/jgc8.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;940\&quot; height=\&quot;410\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;Line 1 shows the same sort of connection, SSL negotiation and download of the page (here it took 591ms to complete vs. 
549 ms above). But then the behaviour is totally different. Line 2 shows a single TCP connection and a single SSL negotiation to s.4cdn.org. That connection is then used to download all the resources for s.4cdn.org and t.4cdn.org in parallel. Finally, there’s the same separate Google Analytics connection. What you’re seeing there is SPDY in action.&lt;/p&gt;&lt;p&gt;The SPDY version was slightly faster: the page was visually complete at 1.1s; with SSL without SPDY it was 1.3s (although you’d have to account for differences in paint time between IE 10 and Chrome to really understand those values). There are two important things happening in the SPDY version:&lt;/p&gt;&lt;p&gt;Firstly, Chrome has noticed that s.4cdn.org and t.4cdn.org are the same site (they have the same IP addresses and the certificate for s.4cdn.org is valid for t.4cdn.org as well: it’s a wildcard certificate for 4cdn.org) and so it doesn’t bother with a separate SSL connection: one will do. It then requests resources from each of those domains across the same SPDY connection. To do that it simply specifies the correct Host in the SPDY request. These can be seen in the chrome://net-internals view. 
Here are two requests on the same SPDY connection for different Hosts.&lt;/p&gt;&lt;p&gt;t=1386958552557 [st= 1] SPDY_SESSION_SYN_STREAM\n--&amp;gt; fin = true\n--&amp;gt; accept: */*\naccept-encoding: gzip,deflate,sdch\naccept-language: en-US,en;q=0.8,fr;q=0.6\ncache-control: no-cache\nhost: s.4cdn.org\nmethod: GET\npragma: no-cache\nreferer: &lt;a href=\&quot;https://www.4chan.org/\&quot;&gt;https://www.4chan.org/&lt;/a&gt;\nscheme: https\nurl: /js/fp-combined-compiled.7.js\nuser-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36\nversion: HTTP/1.1\n--&amp;gt; stream_id = 5\n--&amp;gt; unidirectional = false\nt=1386958552577 [st= 21] SPDY_SESSION_SYN_STREAM\n--&amp;gt; fin = true\n--&amp;gt; accept: image/webp,*/*;q=0.8\naccept-encoding: gzip,deflate,sdch\naccept-language: en-US,en;q=0.8,fr;q=0.6\ncache-control: no-cache\nhost: t.4cdn.org\nmethod: GET\npragma: no-cache\nreferer: &lt;a href=\&quot;https://www.4chan.org/\&quot;&gt;https://www.4chan.org/&lt;/a&gt;\nscheme: https\nurl: /cgl/thumb/1386957763148s.jpg\nuser-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36\nversion: HTTP/1.1\n--&amp;gt; stream_id = 7\n--&amp;gt; unidirectional = false&lt;/p&gt;&lt;p&gt;So, Chrome has detected that these domains are actually the same machine and made a single connection. That’s great, and doesn’t have a performance impact, but the actual decision to shard at all has had an impact.&lt;/p&gt;&lt;p&gt;Secondly, notice how in the SPDY case there are two TLS negotiations (one for &lt;a href=\&quot;http://www.4chan.org\&quot;&gt;www.4chan.org&lt;/a&gt; and one for s.4cdn.org). 
The site could have loaded much faster if all the resources had been on &lt;a href=\&quot;http://www.4chan.org\&quot;&gt;www.4chan.org&lt;/a&gt; (or on domains that shared a certificate; for this reason wildcard certificates work well with SPDY connections because the browser can use a single shared connection) because the entire download could have been done in a SPDY connection. Because 4chan uses a special domain (on a different IP with a different certificate) for resources it’s necessary to set up a new connection. In the example above, all the resources have to wait for a DNS lookup (27 ms), TCP connection (29 ms) and SSL negotiation (71 ms) before the SPDY connection can start requesting them. That’s a total of 127 ms. The page was visually complete in 1100 ms; if a single domain had been used then SPDY would have saved another 127 ms (almost 12% of the time).&lt;/p&gt;&lt;p&gt;So, for SPDY it’s actually better to not shard; for non-SPDY domain sharding remains a useful technique. 
(If you are interested in the actual test data the IE 10/SSL test is &lt;a href=\&quot;http://www.webpagetest.org/result/131213_FK_QC1/\&quot;&gt;http://www.webpagetest.org/result/131213_FK_QC1/&lt;/a&gt; and the Chrome/SPDY test is &lt;a href=\&quot;http://www.webpagetest.org/result/131213_NE_QCQ/\&quot;&gt;http://www.webpagetest.org/result/131213_NE_QCQ/&lt;/a&gt;).&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;the-best-of-both-worlds\&quot;&gt;The best of both worlds&lt;/h3&gt;\n &lt;a href=\&quot;#the-best-of-both-worlds\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The question then becomes, can you have the best of both worlds? With a little DNS trickery it’s possible to set up a site that works well whether SPDY is available or not. Since I don’t have access to 4chan to do live experiments, I copied the &lt;a href=\&quot;http://www.4chan.org\&quot;&gt;www.4chan.org&lt;/a&gt; home page and all the included resources to my own web server and set up three domains: r.jgc.org (the root domain), s.jgc.org (equivalent to s.4cdn.org) and t.jgc.org (equivalent to t.4cdn.org). 
I then manually edited the HTML and CSS so that all the linked resources pointed to either s.jgc.org or t.jgc.org in the same manner as the original 4chan site. But, critically, I used a single certificate for all three domains. Here’s the site being loaded using IE 10 over SSL.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/36hLzFeZOJ8i7mdm7MP6Hf/33556c46922a0a2e7a649c6c64893fe7/jgc2.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;937\&quot; height=\&quot;441\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;And here’s the site loaded using Chrome with SPDY.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7gD8cltZjtCKvomgdCgtF1/8e19d99bada976cf600b34cf849b641d/jgc4.png\&quot; alt=\&quot;\&quot; class=\&quot;kg-image\&quot; width=\&quot;939\&quot; height=\&quot;423\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;As you can see, the domain sharding worked in IE 10. There are multiple connections to the s.jgc.org and t.jgc.org domains downloading resources in parallel. And the same configuration worked for Chrome with SPDY because it detected that these shared a certificate and used a single SPDY connection for everything (including the initial page download).&lt;/p&gt;&lt;p&gt;In Chrome there was only a single TCP connection and a single DNS lookup needed despite the presence of three domains. The IE 10/SSL version was visually complete in 1100 ms and used 9 TCP/SSL connections (plus one extra for Google Analytics). The Chrome/SPDY version was visually complete 200 ms sooner (at 900 ms) and used… a single SPDY connection (plus an extra connection for Google Analytics). 
If you’re interested, the IE 10/SSL test is &lt;a href=\&quot;http://www.webpagetest.org/result/131213_NP_TB3/\&quot;&gt;here&lt;/a&gt; and the Chrome/SPDY test is &lt;a href=\&quot;http://www.webpagetest.org/result/131213_ZP_TBY/\&quot;&gt;here&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;For the best performance for the older browsers and the latest, shiny SPDY browsers, domain sharding should still be used, but using a certificate that covers the domains used means that only a single SPDY connection will be needed.&lt;/p&gt;&lt;p&gt;CloudFlare Makes This Easy: CloudFlare has both &lt;a href=\&quot;https://www.cloudflare.com/features-security\&quot;&gt;simple SSL&lt;/a&gt; options and &lt;a href=\&quot;https://www.cloudflare.com/features-cdn\&quot;&gt;push button SPDY&lt;/a&gt; available. By setting up SSL on CloudFlare with subdomains you&amp;#39;ll automatically get SPDY as well. In the test above it took me about 10 minutes to set up the test subdomains on jgc.org and enable both SSL and SPDY.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;thanks\&quot;&gt;Thanks&lt;/h3&gt;\n &lt;a href=\&quot;#thanks\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Thanks to Andrew Galloni for his assistance reviewing and investigating the interaction 
between SPDY and domain sharding.&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2013-12-26T17:00:00.000+00:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:35:34.549Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5WRqZCAljphRjSx1MRJZQI/98d3c80ccbb100b7328e49756e37e39b/using-cloudflare-to-mix-domain-sharding-and-spdy.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;56vA0Z6hqev6QaJBQmO2J8&quot;],&quot;name&quot;:[0,&quot;TLS&quot;],&quot;slug&quot;:[0,&quot;tls&quot;]}],[0,{&quot;id&quot;:[0,&quot;683doBhQG1RNA5TdzbpraJ&quot;],&quot;name&quot;:[0,&quot;Google&quot;],&quot;slug&quot;:[0,&quot;google&quot;]}],[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;1HElwgNEl197gbuevMX3lr&quot;],&quot;name&quot;:[0,&quot;spdy&quot;],&quot;slug&quot;:[0,&quot;spdy&quot;]}],[0,{&quot;id&quot;:[0,&quot;48r7QV00gLMWOIcM1CSDRy&quot;],&quot;name&quot;:[0,&quot;Speed &amp; Reliability&quot;],&quot;slug&quot;:[0,&quot;speed-and-reliability&quot;]}],[0,{&quot;id&quot;:[0,&quot;6Mp7ouACN2rT3YjL1xaXJx&quot;],&quot;name&quot;:[0,&quot;Security&quot;],&quot;slug&quot;:[0,&quot;security&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;John Graham-Cumming&quot;],&quot;slug&quot;:[0,&quot;john-graham-cumming&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5vGNsXzZrtSLn2X30pnpUY/6f350e7dd36058a6422f9199b452bb02/john-graham-cumming.jpg&quot;],&quot;location&quot;:[0,&quot;Lisbon, Portugal&quot;],&quot;website&quot;:[0,null],&quot;twitter&quot;:[0,null],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;Using CloudFlare to mix domain sharding and SPDY 
Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/using-cloudflare-to-mix-domain-sharding-and-spdy&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],[0,{&quot;id&quot;:[0,&quot;47tSgx3GbC9M36Jv0ftTSZ&quot;],&quot;title&quot;:[0,&quot;Why some cryptographic keys are much smaller than others&quot;],&quot;slug&quot;:[0,&quot;why-are-some-keys-small&quot;],&quot;excerpt&quot;:[0,&quot;If you 
connect to CloudFlare&#39;s web site using HTTPS the connection will be secured using one of the many encryption schemes supported by SSL/TLS. &quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;&lt;p&gt;If you connect to &lt;a href=\&quot;https://www.cloudflare.com/\&quot;&gt;CloudFlare&amp;#39;s web site&lt;/a&gt; using HTTPS the connection will be secured using one of the many encryption schemes supported by SSL/TLS. When I connect using Chrome I get an RC4_128 connection (with a 128-bit key) which used the ECDHE_RSA key exchange mechanism (with a 2,048-bit key) to set the connection up.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7G4da35qbg9auSgeT2YClg/94a14cd2d77227b4a74d532131b8b52c/cloudflare-tls.png\&quot; alt=\&quot;CloudFlare TLS Connection\&quot; class=\&quot;kg-image\&quot; width=\&quot;306\&quot; height=\&quot;433\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;If you&amp;#39;re not familiar with the cryptographic protocols involved you might be wondering why one part uses a 128-bit key and another a 2,048-bit key. And you&amp;#39;d be forgiven for wondering why a large key wasn&amp;#39;t used throughout and whether a 128-bit key is weaker than a 2,048-bit key. This blog post will explain why a 128-bit &lt;i&gt;symmetric&lt;/i&gt; key is, in fact, a bit more secure than a 2,048-bit &lt;i&gt;asymmetric&lt;/i&gt; key; you have to look at both the type of encryption being used (symmetric or asymmetric) and the key length to understand the strength of the encryption.&lt;/p&gt;&lt;p&gt;My connection above used a symmetric cipher (RC4_128) with a 128-bit key and an asymmetric cipher (ECDHE_RSA) with a 2,048-bit key.&lt;/p&gt;&lt;p&gt;You might also have seen other key lengths in use. 
For example, when I connect to the British Government portal &lt;a href=\&quot;https://www.gov.uk/\&quot;&gt;gov.uk&lt;/a&gt; I get a TLS connection that uses AES_256_CBC (with a 256-bit key) set up using RSA with a 2,048-bit key. It&amp;#39;s not uncommon to see RSA with a 1,024-bit key as well.&lt;/p&gt;&lt;p&gt;To understand these key lengths it&amp;#39;s necessary to understand a little about the actual encryption schemes they are used with.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;symmetric-cryptography\&quot;&gt;Symmetric Cryptography&lt;/h3&gt;\n &lt;a href=\&quot;#symmetric-cryptography\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The RC4_128 and AES_256_CBC schemes mentioned above are &lt;a href=\&quot;https://en.wikipedia.org/wiki/Symmetric-key_algorithm\&quot;&gt;symmetric cryptographic schemes&lt;/a&gt;. Symmetric simply means that the same key is used to encipher and decipher the encrypted web traffic. In one case, a 128-bit key is used, in another a 256-bit key.&lt;/p&gt;&lt;p&gt;Symmetric cryptography is the oldest form there is. 
When children use a &lt;a href=\&quot;https://en.wikipedia.org/wiki/Caesar_cipher\&quot;&gt;Caesar Cipher&lt;/a&gt; (shifting each letter in the alphabet some fixed number of places) they are performing symmetric cryptography. In that case, the key is the number of places to shift letters and there are 26 possible keys (which is roughly like saying the Caesar Cipher has a 5-bit key).&lt;/p&gt;&lt;p&gt;Here&amp;#39;s a Caesar Shift with a key of 7 (each letter is moved up in the alphabet 7 places):&lt;/p&gt;&lt;p&gt;ISTHE BESTT HATCO RPORA LBOBB YSHAF TOECA NDOON SHORT NOTIC E\nPZAOL ILZAA OHAJV YWVYH SIVII FZOHM AVLJH UKVVU ZOVYA UVAPJ L&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4QAkwOHHM2r0OUPElBkBpv/ed81bf8342b3b74d2c701e8094b340ff/caesar-cipher.png\&quot; alt=\&quot;Caesar Cipher\&quot; class=\&quot;kg-image\&quot; width=\&quot;500\&quot; height=\&quot;211\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;There are lots of ways to break the Caesar Cipher, but one way is to try out all 26 possible keys. 
That&amp;#39;s really not that hard since there are only 26 possible solutions:&lt;/p&gt;\n &lt;pre class=\&quot;language-bash\&quot;&gt;&lt;code class=\&quot;language-bash\&quot;&gt;PZAOL ILZAA OHAJV YWVYH SIVII FZOHM AVLJH UKVVU ZOVYA UVAPJ L\n----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -&lt;/code&gt;&lt;/pre&gt;\n &lt;p&gt;0: PZAOL ILZAA OHAJV YWVYH SIVII FZOHM AVLJH UKVVU ZOVYA UVAPJ L\n1: OYZNK HKYZZ NGZIU XVUXG RHUHH EYNGL ZUKIG TJUUT YNUXZ TUZOI K\n2: NXYMJ GJXYY MFYHT WUTWF QGTGG DXMFK YTJHF SITTS XMTWY STYNH J\n3: MWXLI FIWXX LEXGS VTSVE PFSFF CWLEJ XSIGE RHSSR WLSVX RSXMG I\n4: LVWKH EHVWW KDWFR USRUD OEREE BVKDI WRHFD QGRRQ VKRUW QRWLF H\n5: KUVJG DGUVV JCVEQ TRQTC NDQDD AUJCH VQGEC PFQQP UJQTV PQVKE G\n6: JTUIF CFTUU IBUDP SQPSB MCPCC ZTIBG UPFDB OEPPO TIPSU OPUJD F\n7: ISTHE BESTT HATCO RPORA LBOBB YSHAF TOECA NDOON SHORT NOTIC E\n8: HRSGD ADRSS GZSBN QONQZ KANAA XRGZE SNDBZ MCNNM RGNQS MNSHB D\n9: GQRFC ZCQRR FYRAM PNMPY JZMZZ WQFYD RMCAY LBMML QFMPR LMRGA C\n10: FPQEB YBPQQ EXQZL OMLOX IYLYY VPEXC QLBZX KALLK PELOQ KLQFZ B\n11: EOPDA XAOPP DWPYK NLKNW HXKXX UODWB PKAYW JZKKJ ODKNP JKPEY A\n12: DNOCZ WZNOO CVOXJ MKJMV GWJWW TNCVA OJZXV IYJJI NCJMO IJODX Z\n13: CMNBY VYMNN BUNWI LJILU FVIVV SMBUZ NIYWU HXIIH MBILN HINCW Y\n14: BLMAX UXLMM ATMVH KIHKT EUHUU RLATY MHXVT GWHHG LAHKM GHMBV X\n15: AKLZW TWKLL ZSLUG JHGJS DTGTT QKZSX LGWUS FVGGF KZGJL FGLAU W\n16: ZJKYV SVJKK YRKTF IGFIR CSFSS PJYRW KFVTR EUFFE JYFIK EFKZT V\n17: YIJXU RUIJJ XQJSE HFEHQ BRERR OIXQV JEUSQ DTEED IXEHJ DEJYS U\n18: XHIWT QTHII WPIRD GEDGP AQDQQ NHWPU IDTRP CSDDC HWDGI CDIXR T\n19: WGHVS PSGHH VOHQC FDCFO ZPCPP MGVOT HCSQO BRCCB GVCFH BCHWQ S\n20: VFGUR ORFGG UNGPB ECBEN YOBOO LFUNS GBRPN AQBBA FUBEG ABGVP R\n21: UEFTQ NQEFF TMFOA DBADM XNANN KETMR FAQOM ZPAAZ ETADF ZAFUO Q\n22: TDESP MPDEE SLENZ CAZCL WMZMM JDSLQ EZPNL YOZZY DSZCE YZETN P\n23: SCDRO LOCDD RKDMY BZYBK VLYLL ICRKP DYOMK XNYYX CRYBD XYDSM O\n24: RBCQN KNBCC QJCLX AYXAJ UKXKK HBQJO CXNLJ WMXXW BQXAC 
WXCRL N\n25: QABPM JMABB PIBKW ZXWZI TJWJJ GAPIN BWMKI VLWWV APWZB VWBQK M&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;how-long\&quot;&gt;How long?&lt;/h3&gt;\n &lt;a href=\&quot;#how-long\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The goal of modern symmetric cryptography is to make this sort of &amp;#39;trying out all the possible keys&amp;#39; the only approach to breaking a symmetric cipher. Algorithms like &lt;a href=\&quot;https://en.wikipedia.org/wiki/RC4\&quot;&gt;RC4&lt;/a&gt; and &lt;a href=\&quot;https://en.wikipedia.org/wiki/Advanced_Encryption_Standard\&quot;&gt;AES&lt;/a&gt; scramble data based on a key. The key itself is, ideally, randomly chosen from the set of all possible keys.&lt;/p&gt;&lt;p&gt;On a side note, there are now &lt;a href=\&quot;/staying-on-top-of-tls-attacks\&quot;&gt;serious problems with RC4&lt;/a&gt; and as better replacements come along (such as ciphersuites based on AES) CloudFlare will update the ciphersuites it uses to provide the best level of protection.&lt;/p&gt;&lt;p&gt;That said, the basic idea is that the only way to break into a connection secured with a symmetric cipher is to try out all the keys. 
Which brings us to 128-bit and 256-bit keys.&lt;/p&gt;&lt;p&gt;A 128-bit key means there are 340,282,366,920,938,463,463,374,607,431,768,211,456 possible keys to try. A 256-bit key has the square of that many keys to try: a huge number.&lt;/p&gt;&lt;p&gt;To put that in context imagine trying to test all the keys for a 128-bit AES encryption using the &lt;a href=\&quot;http://en.wikipedia.org/wiki/AES_instruction_set\&quot;&gt;special AES instructions&lt;/a&gt; added to the latest Intel microprocessors. These instructions are designed to be very fast and according to Intel&amp;#39;s own data decrypting a block of AES encrypted data would take 5.6 cycles on an &lt;a href=\&quot;http://ark.intel.com/products/47932\&quot;&gt;Intel i7 Processor&lt;/a&gt; with 4 cores.&lt;/p&gt;&lt;p&gt;Put another way, that processor could try out one key on one block of data in about 1.7 nanoseconds. At that speed it would take it about &lt;b&gt;1.3 * 10^12 * the age of the universe&lt;/b&gt; to check all the keys (you&amp;#39;d probably only have to check half before finding the right one so divide that incredibly long time by two).&lt;/p&gt;&lt;p&gt;Since personal computers became available roughly 1 billion of them have been sold. Imagine that they all had the same top-of-the-line processor and were used to attack a 128-bit key. You&amp;#39;d manage to get the time down to &lt;b&gt;660 * the age of the universe&lt;/b&gt;.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1w5RgPJRr4Gnxk4E2rWqFu/cbc76d09e7671de7fe3731c38fcfdb8a/milliways.png\&quot; alt=\&quot;Milliways\&quot; class=\&quot;kg-image\&quot; width=\&quot;500\&quot; height=\&quot;370\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;Image (c) BBC TV&lt;/p&gt;&lt;p&gt;So, breaking 128-bit keys by brute force just isn&amp;#39;t practical. And breaking 256-bit is even less possible. 
So, for symmetric ciphers, keys of these lengths make sense.&lt;/p&gt;&lt;p&gt;But that&amp;#39;s not the case for asymmetric cryptography.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;asymmetric-key-lengths\&quot;&gt;Asymmetric Key Lengths&lt;/h3&gt;\n &lt;a href=\&quot;#asymmetric-key-lengths\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;&lt;a href=\&quot;https://en.wikipedia.org/wiki/Public-key_cryptography\&quot;&gt;Asymmetric cryptography&lt;/a&gt; works by having two different keys, one for encryption and one for decryption. It&amp;#39;s also often called &amp;#39;public key cryptography&amp;#39; because it&amp;#39;s possible to make one key public (allowing someone to encrypt a message) while keeping the other private (only the holder of the private key can decrypt the message encrypted with its related public key).&lt;/p&gt;&lt;p&gt;In order to have these special properties the public and private keys are related by some mathematical process. Aside: in the symmetric examples there&amp;#39;s only one key and it&amp;#39;s just any value of the right number of bits. 
This randomness of a symmetric key means it can be relatively short as we saw.&lt;/p&gt;&lt;p&gt;For example, in the popular RSA scheme used with SSL/TLS the public and private keys consist in part of the product of two large prime numbers. Making an RSA key starts with picking two random prime numbers. The security of RSA relies (in part) on the fact that it&amp;#39;s easy to choose two random prime numbers, but it&amp;#39;s very hard to discover what they are when just given the product of them.&lt;/p&gt;&lt;p&gt;Suppose there are two prime numbers picked at random called p0 and p1. Part of the RSA public (and private) key is called the modulus and it is just p0*p1. If an attacker can decompose (or factor) the modulus into p0 and p1 they can break RSA because they can work out the private key. Mathematicians believe that it is very hard to factor a product of two primes and the security of web transactions relies, in part, on that belief.&lt;/p&gt;&lt;p&gt;Typical RSA key sizes are 1,024 or 2,048 or 4,096 bits. That number is the number of bits in the modulus. For each there will be a pair of primes of roughly 512 bits or 1,024 bits or 2,048 bits depending on the key size picked. Those primes are chosen by some random process (highlighting once again the &lt;a href=\&quot;/why-randomness-matters\&quot;&gt;importance of random number generators&lt;/a&gt;).&lt;/p&gt;&lt;p&gt;But we still haven&amp;#39;t answered the question of why these key sizes are so large. Just as in the symmetric key case, attacks on say 2,048-bit RSA are based on trying out all keys of a certain size, but unlike the symmetric key scheme not every 2,048-bit number is an RSA key (because it has to be the product of two primes).&lt;/p&gt;&lt;p&gt;So, although the key size is larger there are actually fewer possible RSA keys for any given number of bits than there are for the same symmetric key size. That&amp;#39;s because there are only so many prime numbers of that size and below. 
The RSA scheme can only use pairs of prime numbers, whereas the symmetric schemes can use any number at all of the same size.&lt;/p&gt;&lt;p&gt;This diagram (called an &lt;a href=\&quot;https://en.wikipedia.org/wiki/Ulam_spiral\&quot;&gt;Ulam Spiral&lt;/a&gt;) shows the numbers from 1 to 40,000 as black or white dots. The black dots are the primes.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3VIXrzzZVLON430lnHxCPO/940bf5e06b1965d20e0f6371c695ca06/ulam-spiral.png\&quot; alt=\&quot;Ulam Spiral\&quot; class=\&quot;kg-image\&quot; width=\&quot;400\&quot; height=\&quot;400\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;Image from &lt;a href=\&quot;https://en.wikipedia.org/wiki/File:Ulam_1.png\&quot;&gt;Wikipedia&lt;/a&gt;&lt;/p&gt;&lt;p&gt;If you used a 256-bit RSA key (roughly consisting of two 128-bit prime numbers multiplied together) you&amp;#39;d quickly find that your encryption had been broken by someone using a fast home PC. There are only so many 128-bit prime numbers and there are fast ways of attacking the factorization problem (such as the &lt;a href=\&quot;https://en.wikipedia.org/wiki/General_number_field_sieve\&quot;&gt;General Number Field Sieve&lt;/a&gt; that actually make breaking RSA keys a little easier than trying out every single key).&lt;/p&gt;&lt;p&gt;Any time there&amp;#39;s a pattern in a cryptographic key it represents a chink in the cryptography&amp;#39;s armor. For example, in a perfect world, people would pick completely random passwords. Because they don&amp;#39;t there are patterns in the passwords and they can be guessed or broken without trying out every possible password.&lt;/p&gt;&lt;p&gt;RSA keys have a distinctive pattern: they are the product of two prime numbers. That provides the chink; today that chink is best exploited by the General Number Field Sieve. 
In the symmetric key case there are no such patterns: the keys are just large randomly-chosen numbers. (Of course, if you don&amp;#39;t pick your symmetric key randomly you might actually be helping an attacker find a way to break your encrypted messages.)&lt;/p&gt;&lt;p&gt;A few years ago the 512-bit RSA key used to sign software for TI calculators was broken by &lt;a href=\&quot;https://en.wikipedia.org/wiki/Texas_Instruments_signing_key_controversy\&quot;&gt;an individual&lt;/a&gt; using a PC that ran for 73 days using the open source &lt;a href=\&quot;http://www.boo.net/~jasonp/qs.html\&quot;&gt;msieve and ggnfs&lt;/a&gt; programs.&lt;/p&gt;&lt;p&gt;So, asymmetric keys have to be much larger than symmetric keys because there are fewer of them for a given number of bits, and because there are patterns within the keys themselves.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;recommendations\&quot;&gt;Recommendations&lt;/h3&gt;\n &lt;a href=\&quot;#recommendations\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The &lt;a href=\&quot;http://www.keylength.com/en/3/\&quot;&gt;ECRYPT II recommendations&lt;/a&gt; on key length say that a 128-bit symmetric key provides the same strength of protection as a 3,248-bit asymmetric key. 
And that those key lengths provide long term protection of data encrypted with them.&lt;/p&gt;&lt;p&gt;The length of time a key is good for is also important. Over time computers get faster and techniques for breaking encryption schemes (particularly techniques for breaking asymmetric encryption) get better. That 512-bit key used for TI calculators probably looked pretty safe when it was first chosen. And in 1999 a key of that length took a &lt;a href=\&quot;https://en.wikipedia.org/wiki/Cray_C90\&quot;&gt;supercomputer&lt;/a&gt; to break.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/43FhANStq4MmuxKjgUXS6Y/70e7ba13b64f49f60eec15570a1f037a/sneakers.png\&quot; alt=\&quot;Sneakers\&quot; class=\&quot;kg-image\&quot; width=\&quot;500\&quot; height=\&quot;268\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;We keep an eye on these reports when choosing ciphers and key lengths to secure our and our customers&amp;#39; communications.&lt;/p&gt;&lt;p&gt;Because of the importance of protecting our customers&amp;#39; communications CloudFlare has also opted to roll out &lt;a href=\&quot;/staying-on-top-of-tls-attacks\&quot;&gt;forward secrecy&lt;/a&gt; for our SSL/TLS connections. That means that the public/private keys used for connections are generated freshly each time. 
That prevents bulk attacks where a single public/private key (such as the one used in simple RSA-based certificates) is broken revealing all of the symmetric keys used to secure HTTPS for a web site.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;forward-secrecy-and-elliptic-curves\&quot;&gt;Forward Secrecy and Elliptic Curves&lt;/h3&gt;\n &lt;a href=\&quot;#forward-secrecy-and-elliptic-curves\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;Returning to the HTTPS connection I made to CloudFlare at the start, the key negotiation was done using ECDHE_RSA. That&amp;#39;s the ephemeral version of the Diffie-Hellman key exchange mechanism that uses elliptic curves and RSA for authentication. That&amp;#39;s quite a mouthful. It breaks down like this:&lt;/p&gt;&lt;ol&gt;&lt;li&gt;&lt;p&gt;The public/private key pair used for this connection was ephemeral: it was only created for this connection. That&amp;#39;s what gives &amp;#39;forward secrecy&amp;#39;.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;The actual public-key encryption scheme used was &lt;a href=\&quot;https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman\&quot;&gt;Elliptic Curve Diffie-Hellman&lt;/a&gt;. 
Elliptic Curve Cryptography uses a different branch of mathematics than RSA. Looking at the ECRYPT II report shows that a 128-bit symmetric key is as strong as a 3,248-bit asymmetric key; to get the equivalent strength from an Elliptic Curve Cryptographic scheme requires a key with 256-bits.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;So, Google Chrome set up an ephemeral &lt;a href=\&quot;https://www.imperialviolet.org/2011/11/22/forwardsecret.html\&quot;&gt;256-bit&lt;/a&gt; Elliptic Curve Diffie Hellman public/private key pair and used it to agree on a 128-bit symmetric key for the rest of the communication.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;To prove that the web site really was &lt;a href=\&quot;http://www.cloudflare.com\&quot;&gt;www.cloudflare.com&lt;/a&gt; the 2,048-bit RSA key was used along with the web site&amp;#39;s certificate.&lt;/p&gt;&lt;/li&gt;&lt;/ol&gt;&lt;p&gt;So, three different key lengths were used: 128-bit (with RC4), 256-bit (with ECDHE) and 2,048-bit (with RSA). 
All three key lengths provide similar levels of security.&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2013-09-20T07:00:00.000+01:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:35:39.441Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6Tk0IsOdyW1PzT3xtzzxxw/ec7ec3ebd3b1c92ab87f7737317b42d3/why-are-some-keys-small.png&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;683doBhQG1RNA5TdzbpraJ&quot;],&quot;name&quot;:[0,&quot;Google&quot;],&quot;slug&quot;:[0,&quot;google&quot;]}],[0,{&quot;id&quot;:[0,&quot;6FnsX11DsaqBlZLx6DA0oP&quot;],&quot;name&quot;:[0,&quot;RSA&quot;],&quot;slug&quot;:[0,&quot;rsa&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;John Graham-Cumming&quot;],&quot;slug&quot;:[0,&quot;john-graham-cumming&quot;],&quot;bio&quot;:[0,null],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5vGNsXzZrtSLn2X30pnpUY/6f350e7dd36058a6422f9199b452bb02/john-graham-cumming.jpg&quot;],&quot;location&quot;:[0,&quot;Lisbon, Portugal&quot;],&quot;website&quot;:[0,null],&quot;twitter&quot;:[0,null],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;Why some cryptographic keys are much smaller than others Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for 
Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/why-are-some-keys-small&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}],[0,{&quot;id&quot;:[0,&quot;6IA4lpm5kazWmAyb9SfGen&quot;],&quot;title&quot;:[0,&quot;SPDY Now One-Click Simple for Any Website&quot;],&quot;slug&quot;:[0,&quot;spdy-now-one-click-simple-for-any-website&quot;],&quot;excerpt&quot;:[0,&quot;About a month and a half ago, CloudFlare announced limited support for SPDY as part of a private beta. SPDY is the new protocol pioneered by Google to make the web faster. 
If you&#39;re curious, we&#39;ve written about what makes SPDY speedy in previous blog posts.\n\n&quot;],&quot;featured&quot;:[0,false],&quot;html&quot;:[0,&quot;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3BrOVrSdnbHEjkbEt1ujI8/448b13f83bf24f39fe7888ba2f279577/speedy-gonzales.jpeg.scaled500.jpg\&quot; alt=\&quot;SPDY Now One-Click Simple for Any\nWebsite\&quot; class=\&quot;kg-image\&quot; width=\&quot;290\&quot; height=\&quot;332\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;About a month and a half ago, CloudFlare announced &lt;a href=\&quot;/introducing-spdy\&quot;&gt;limited support for SPDY&lt;/a&gt; as part of a private beta. SPDY is the new protocol pioneered by Google to make the web faster. If you&amp;#39;re curious, we&amp;#39;ve written about &lt;a href=\&quot;/what-makes-spdy-speedy\&quot;&gt;what makes SPDY speedy&lt;/a&gt; in previous blog posts.&lt;/p&gt;&lt;p&gt;Since that announcement, we&amp;#39;ve been testing SPDY with a couple hundred of CloudFlare&amp;#39;s customers, as well as on &lt;a href=\&quot;https://www.cloudflare.com/\&quot;&gt;CloudFlare.com&lt;/a&gt; itself, in a private beta. 
The results have been great and today we&amp;#39;re excited to announce that SPDY is now available to any eligible CloudFlare customer from theirPerformance Settings page.&lt;/p&gt;\n &lt;div class=\&quot;flex anchor relative\&quot;&gt;\n &lt;h3 id=\&quot;who-gets-speedy\&quot;&gt;Who Gets Speedy?&lt;/h3&gt;\n &lt;a href=\&quot;#who-gets-speedy\&quot; aria-hidden=\&quot;true\&quot; class=\&quot;relative sm:absolute sm:-left-5\&quot;&gt;\n &lt;svg width=\&quot;16\&quot; height=\&quot;16\&quot; viewBox=\&quot;0 0 24 24\&quot;&gt;&lt;path fill=\&quot;currentcolor\&quot; d=\&quot;m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\&quot;&gt;&lt;/path&gt;&lt;/svg&gt;\n &lt;/a&gt;\n &lt;/div&gt;\n &lt;p&gt;The current implementation of SPDY requires TLS/SSL. As a result, SPDY is only supported for paying CloudFlare customers who have SSL enabled. Even if you don&amp;#39;t have your own SSL certificate installed on your server, you can take advantage of SPDY by enabling &lt;a href=\&quot;/easiest-ssl-ever-now-included-automatically-w\&quot;&gt;CloudFlare&amp;#39;s Flexible SSL&lt;/a&gt;. If you&amp;#39;re a Free customer, you can &lt;a href=\&quot;http://www.cloudflare.com/plans\&quot;&gt;upgrade to one of CloudFlare&amp;#39;s paid plans&lt;/a&gt; and enable SPDY immediately. If, in the future, the SPDY protocol supports non-HTTPS connections, we plan to extend SPDY support to Free customers as well.&lt;/p&gt;&lt;p&gt;Assuming you have SSL enabled, you can turn SPDY on with a single click for all traffic that passes through CloudFlare. 
SPDY will automatically be enabled for HTTPS traffic to browsers like Chrome and the latest version of Firefox which supports the protocol.&lt;/p&gt;\n &lt;figure class=\&quot;kg-card kg-image-card \&quot;&gt;\n \n &lt;Image src=\&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/epjjB1FZ44ddIWcN9oNky/bbd8af02180c375f4abd666b08fbbda9/spdy_setting.jpeg.scaled500.jpg\&quot; alt=\&quot;SPDY Now One-Click Simple for Any\nWebsite\&quot; class=\&quot;kg-image\&quot; width=\&quot;500\&quot; height=\&quot;58\&quot; loading=\&quot;lazy\&quot;/&gt;\n \n &lt;/figure&gt;&lt;p&gt;With widespread SPDY support, we&amp;#39;re excited to continue to push the web forward as we continue our mission of building a faster, safer Internet.&lt;/p&gt;&quot;],&quot;published_at&quot;:[0,&quot;2012-08-02T23:34:00.000+01:00&quot;],&quot;updated_at&quot;:[0,&quot;2024-10-10T00:38:59.662Z&quot;],&quot;feature_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7qnHioVgkq1wt1YjteTEkk/c4a46c8c506bb7f01da9a14cd866fc65/spdy-now-one-click-simple-for-any-website.jpg&quot;],&quot;tags&quot;:[1,[[0,{&quot;id&quot;:[0,&quot;3skwJ34K0c3CEY1cNogR4n&quot;],&quot;name&quot;:[0,&quot;Chrome&quot;],&quot;slug&quot;:[0,&quot;chrome&quot;]}],[0,{&quot;id&quot;:[0,&quot;kn8Lmy4luvCeAabblVvHH&quot;],&quot;name&quot;:[0,&quot;Firefox&quot;],&quot;slug&quot;:[0,&quot;firefox&quot;]}],[0,{&quot;id&quot;:[0,&quot;1HElwgNEl197gbuevMX3lr&quot;],&quot;name&quot;:[0,&quot;spdy&quot;],&quot;slug&quot;:[0,&quot;spdy&quot;]}],[0,{&quot;id&quot;:[0,&quot;48r7QV00gLMWOIcM1CSDRy&quot;],&quot;name&quot;:[0,&quot;Speed &amp; Reliability&quot;],&quot;slug&quot;:[0,&quot;speed-and-reliability&quot;]}]]],&quot;relatedTags&quot;:[0],&quot;authors&quot;:[1,[[0,{&quot;name&quot;:[0,&quot;Matthew Prince&quot;],&quot;slug&quot;:[0,&quot;matthew-prince&quot;],&quot;bio&quot;:[0,&quot;A little bit geek, wonk, and nerd. Repeat entrepreneur, recovering lawyer, and former ski instructor. 
Co-founder &amp; CEO of Cloudflare (NYSE: NET).&quot;],&quot;profile_image&quot;:[0,&quot;https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1VD9WePJ1jvjFwuSRF0IfQ/5e4f7d5fd4825358b33b2ead623140d8/matthew-prince.jpeg&quot;],&quot;location&quot;:[0,&quot;San Francisco, CA&quot;],&quot;website&quot;:[0,null],&quot;twitter&quot;:[0,&quot;@eastdakota&quot;],&quot;facebook&quot;:[0,null]}]]],&quot;meta_description&quot;:[0,null],&quot;primary_author&quot;:[0,{}],&quot;localeList&quot;:[0,{&quot;name&quot;:[0,&quot;SPDY Now One-Click Simple for Any Website Config&quot;],&quot;enUS&quot;:[0,&quot;English for Locale&quot;],&quot;zhCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhHansCN&quot;:[0,&quot;No Page for Locale&quot;],&quot;zhTW&quot;:[0,&quot;No Page for Locale&quot;],&quot;frFR&quot;:[0,&quot;No Page for Locale&quot;],&quot;deDE&quot;:[0,&quot;No Page for Locale&quot;],&quot;itIT&quot;:[0,&quot;No Page for Locale&quot;],&quot;jaJP&quot;:[0,&quot;No Page for Locale&quot;],&quot;koKR&quot;:[0,&quot;No Page for Locale&quot;],&quot;ptBR&quot;:[0,&quot;No Page for Locale&quot;],&quot;esLA&quot;:[0,&quot;No Page for Locale&quot;],&quot;esES&quot;:[0,&quot;No Page for Locale&quot;],&quot;enAU&quot;:[0,&quot;No Page for Locale&quot;],&quot;enCA&quot;:[0,&quot;No Page for Locale&quot;],&quot;enIN&quot;:[0,&quot;No Page for Locale&quot;],&quot;enGB&quot;:[0,&quot;No Page for Locale&quot;],&quot;idID&quot;:[0,&quot;No Page for Locale&quot;],&quot;ruRU&quot;:[0,&quot;No Page for Locale&quot;],&quot;svSE&quot;:[0,&quot;No Page for Locale&quot;],&quot;viVN&quot;:[0,&quot;No Page for Locale&quot;],&quot;plPL&quot;:[0,&quot;No Page for Locale&quot;],&quot;arAR&quot;:[0,&quot;No Page for Locale&quot;],&quot;nlNL&quot;:[0,&quot;No Page for Locale&quot;],&quot;thTH&quot;:[0,&quot;No Page for Locale&quot;],&quot;trTR&quot;:[0,&quot;No Page for Locale&quot;],&quot;heIL&quot;:[0,&quot;No Page for Locale&quot;],&quot;lvLV&quot;:[0,&quot;No Page for 
Locale&quot;],&quot;etEE&quot;:[0,&quot;No Page for Locale&quot;],&quot;ltLT&quot;:[0,&quot;No Page for Locale&quot;]}],&quot;url&quot;:[0,&quot;https://blog.cloudflare.com/spdy-now-one-click-simple-for-any-website&quot;],&quot;metadata&quot;:[0,{&quot;title&quot;:[0],&quot;description&quot;:[0],&quot;imgPreview&quot;:[0,&quot;&quot;]}]}]]],&quot;translations&quot;:[0,{&quot;posts.by&quot;:[0,&quot;By&quot;],&quot;footer.gdpr&quot;:[0,&quot;GDPR&quot;],&quot;lang_blurb1&quot;:[0,&quot;This post is also available in {lang1}.&quot;],&quot;lang_blurb2&quot;:[0,&quot;This post is also available in {lang1} and {lang2}.&quot;],&quot;lang_blurb3&quot;:[0,&quot;This post is also available in {lang1}, {lang2} and {lang3}.&quot;],&quot;footer.press&quot;:[0,&quot;Press&quot;],&quot;header.title&quot;:[0,&quot;The Cloudflare Blog&quot;],&quot;search.clear&quot;:[0,&quot;Clear&quot;],&quot;search.filter&quot;:[0,&quot;Filter&quot;],&quot;search.source&quot;:[0,&quot;Source&quot;],&quot;footer.careers&quot;:[0,&quot;Careers&quot;],&quot;footer.company&quot;:[0,&quot;Company&quot;],&quot;footer.support&quot;:[0,&quot;Support&quot;],&quot;footer.the_net&quot;:[0,&quot;theNet&quot;],&quot;search.filters&quot;:[0,&quot;Filters&quot;],&quot;footer.our_team&quot;:[0,&quot;Our team&quot;],&quot;footer.webinars&quot;:[0,&quot;Webinars&quot;],&quot;page.more_posts&quot;:[0,&quot;More posts&quot;],&quot;posts.time_read&quot;:[0,&quot;{time} min read&quot;],&quot;search.language&quot;:[0,&quot;Language&quot;],&quot;footer.community&quot;:[0,&quot;Community&quot;],&quot;footer.resources&quot;:[0,&quot;Resources&quot;],&quot;footer.solutions&quot;:[0,&quot;Solutions&quot;],&quot;footer.trademark&quot;:[0,&quot;Trademark&quot;],&quot;header.subscribe&quot;:[0,&quot;Subscribe&quot;],&quot;footer.compliance&quot;:[0,&quot;Compliance&quot;],&quot;footer.free_plans&quot;:[0,&quot;Free 
plans&quot;],&quot;footer.impact_ESG&quot;:[0,&quot;Impact/ESG&quot;],&quot;posts.follow_on_X&quot;:[0,&quot;Follow on X&quot;],&quot;footer.help_center&quot;:[0,&quot;Help center&quot;],&quot;footer.network_map&quot;:[0,&quot;Network Map&quot;],&quot;header.please_wait&quot;:[0,&quot;Please Wait&quot;],&quot;page.related_posts&quot;:[0,&quot;Related posts&quot;],&quot;search.result_stat&quot;:[0,&quot;Results &lt;strong&gt;{search_range}&lt;/strong&gt; of &lt;strong&gt;{search_total}&lt;/strong&gt; for &lt;strong&gt;{search_keyword}&lt;/strong&gt;&quot;],&quot;footer.case_studies&quot;:[0,&quot;Case Studies&quot;],&quot;footer.connect_2024&quot;:[0,&quot;Connect 2024&quot;],&quot;footer.terms_of_use&quot;:[0,&quot;Terms of Use&quot;],&quot;footer.white_papers&quot;:[0,&quot;White Papers&quot;],&quot;footer.cloudflare_tv&quot;:[0,&quot;Cloudflare TV&quot;],&quot;footer.community_hub&quot;:[0,&quot;Community Hub&quot;],&quot;footer.compare_plans&quot;:[0,&quot;Compare plans&quot;],&quot;footer.contact_sales&quot;:[0,&quot;Contact Sales&quot;],&quot;header.contact_sales&quot;:[0,&quot;Contact Sales&quot;],&quot;header.email_address&quot;:[0,&quot;Email Address&quot;],&quot;page.error.not_found&quot;:[0,&quot;Page not found&quot;],&quot;footer.developer_docs&quot;:[0,&quot;Developer docs&quot;],&quot;footer.privacy_policy&quot;:[0,&quot;Privacy Policy&quot;],&quot;footer.request_a_demo&quot;:[0,&quot;Request a demo&quot;],&quot;page.continue_reading&quot;:[0,&quot;Continue reading&quot;],&quot;footer.analysts_report&quot;:[0,&quot;Analyst reports&quot;],&quot;footer.for_enterprises&quot;:[0,&quot;For enterprises&quot;],&quot;footer.getting_started&quot;:[0,&quot;Getting Started&quot;],&quot;footer.learning_center&quot;:[0,&quot;Learning Center&quot;],&quot;footer.project_galileo&quot;:[0,&quot;Project Galileo&quot;],&quot;pagination.newer_posts&quot;:[0,&quot;Newer Posts&quot;],&quot;pagination.older_posts&quot;:[0,&quot;Older 
Posts&quot;],&quot;posts.social_buttons.x&quot;:[0,&quot;Discuss on X&quot;],&quot;search.icon_aria_label&quot;:[0,&quot;Search&quot;],&quot;search.source_location&quot;:[0,&quot;Source/Location&quot;],&quot;footer.about_cloudflare&quot;:[0,&quot;About Cloudflare&quot;],&quot;footer.athenian_project&quot;:[0,&quot;Athenian Project&quot;],&quot;footer.become_a_partner&quot;:[0,&quot;Become a partner&quot;],&quot;footer.cloudflare_radar&quot;:[0,&quot;Cloudflare Radar&quot;],&quot;footer.network_services&quot;:[0,&quot;Network services&quot;],&quot;footer.trust_and_safety&quot;:[0,&quot;Trust &amp; Safety&quot;],&quot;header.get_started_free&quot;:[0,&quot;Get Started Free&quot;],&quot;page.search.placeholder&quot;:[0,&quot;Search Cloudflare&quot;],&quot;footer.cloudflare_status&quot;:[0,&quot;Cloudflare Status&quot;],&quot;footer.cookie_preference&quot;:[0,&quot;Cookie Preferences&quot;],&quot;header.valid_email_error&quot;:[0,&quot;Must be valid email.&quot;],&quot;search.result_stat_empty&quot;:[0,&quot;Results &lt;strong&gt;{search_range}&lt;/strong&gt; of &lt;strong&gt;{search_total}&lt;/strong&gt;&quot;],&quot;footer.connectivity_cloud&quot;:[0,&quot;Connectivity cloud&quot;],&quot;footer.developer_services&quot;:[0,&quot;Developer services&quot;],&quot;footer.investor_relations&quot;:[0,&quot;Investor relations&quot;],&quot;page.not_found.error_code&quot;:[0,&quot;Error Code: 404&quot;],&quot;search.autocomplete_title&quot;:[0,&quot;Insert a query. 
Press enter to send&quot;],&quot;footer.logos_and_press_kit&quot;:[0,&quot;Logos &amp; press kit&quot;],&quot;footer.application_services&quot;:[0,&quot;Application services&quot;],&quot;footer.get_a_recommendation&quot;:[0,&quot;Get a recommendation&quot;],&quot;posts.social_buttons.reddit&quot;:[0,&quot;Discuss on Reddit&quot;],&quot;footer.sse_and_sase_services&quot;:[0,&quot;SSE and SASE services&quot;],&quot;page.not_found.outdated_link&quot;:[0,&quot;You may have used an outdated link, or you may have typed the address incorrectly.&quot;],&quot;footer.report_security_issues&quot;:[0,&quot;Report Security Issues&quot;],&quot;page.error.error_message_page&quot;:[0,&quot;Sorry, we can&#39;t find the page you are looking for.&quot;],&quot;header.subscribe_notifications&quot;:[0,&quot;Subscribe to receive notifications of new posts:&quot;],&quot;footer.cloudflare_for_campaigns&quot;:[0,&quot;Cloudflare for Campaigns&quot;],&quot;header.subscription_confimation&quot;:[0,&quot;Subscription confirmed. 
Thank you for subscribing!&quot;],&quot;posts.social_buttons.hackernews&quot;:[0,&quot;Discuss on Hacker News&quot;],&quot;footer.diversity_equity_inclusion&quot;:[0,&quot;Diversity, equity &amp; inclusion&quot;],&quot;footer.critical_infrastructure_defense_project&quot;:[0,&quot;Critical Infrastructure Defense Project&quot;]}]}" ssr client="load" opts="{&quot;name&quot;:&quot;MorePosts&quot;,&quot;value&quot;:true}" await-children><div class="w-100 bt-l b--gray8"><h3 data-testid="more-posts-title" class="orange fw5 f4 ph3 mt4">MORE POSTS</h3></div><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2018-07-24T16:04:00.000+01:00">July 24, 2018 3:04 PM</p><a href="/today-chrome-takes-another-step-forward-in-addressing-the-design-flaw-that-is-an-unencrypted-web/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Today, Chrome Takes Another Step Forward in Addressing the Design Flaw That is an Unencrypted Web</h6></a><p class="gray1 lh-copy">I still remember my first foray onto the internet as a university student back in the mid 90&#x27;s. 
It was a simpler time back then, of course; we weren&#x27;t doing our personal banking or our tax returns or handling our medical records so encrypting the transport layer wasn&#x27;t exactly a <!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/troy-hunt/" class="fw5 f2 black no-underline">Troy Hunt (Guest Author)</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/https/" class="no-underline f1 fw2 blue3 underline-hover">HTTPS</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/chrome/" class="no-underline f1 fw2 blue3 underline-hover">Chrome</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/ssl/" class="no-underline f1 fw2 blue3 underline-hover">SSL</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/security/" class="no-underline f1 fw2 blue3 underline-hover">Security</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/guest-post/" class="no-underline f1 fw2 blue3 underline-hover">Guest Post</a></div></div></article><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2018-06-28T18:40:14.000+01:00">June 28, 2018 5:40 PM</p><a href="/delivering-a-serverless-api-in-10-minutes-using-workers/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Delivering a Serverless API in 10 minutes using Workers</h6></a><p class="gray1 lh-copy">In preparation for Chrome’s Not Secure flag, which will update the indicator to show Not Secure when a site is not accessed over https, we wanted people to be able to test whether their site would pass. 
<!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/rita/" class="fw5 f2 black no-underline">Rita Kozlov</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/workers/" class="no-underline f1 fw2 blue3 underline-hover">Cloudflare Workers</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/serverless/" class="no-underline f1 fw2 blue3 underline-hover">Serverless</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/chrome/" class="no-underline f1 fw2 blue3 underline-hover">Chrome</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/ssl/" class="no-underline f1 fw2 blue3 underline-hover">SSL</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/security/" class="no-underline f1 fw2 blue3 underline-hover">Security</a></div></div></article><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2018-06-28T14:00:00.000+01:00">June 28, 2018 1:00 PM</p><a href="/chrome-not-secure-for-http/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">T-25 days until Chrome starts flagging HTTP sites as &quot;Not Secure&quot;</h6></a><p class="gray1 lh-copy">Less than one month from today, on July 23, Google will start prominently labeling any site loaded in Chrome without HTTPS as &quot;Not Secure&quot;.<!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/patrick/" class="fw5 f2 black no-underline">Patrick R. 
Donahue</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/https/" class="no-underline f1 fw2 blue3 underline-hover">HTTPS</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/chrome/" class="no-underline f1 fw2 blue3 underline-hover">Chrome</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/serverless/" class="no-underline f1 fw2 blue3 underline-hover">Serverless</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/workers/" class="no-underline f1 fw2 blue3 underline-hover">Cloudflare Workers</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/developers/" class="no-underline f1 fw2 blue3 underline-hover">Developers</a></div></div></article><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2018-02-14T20:00:00.000+00:00">February 14, 2018 8:00 PM</p><a href="/https-or-bust-chromes-plan-to-label-sites-as-not-secure/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">HTTPS or bust: Chrome’s plan to label sites as &quot;Not Secure&quot;</h6></a><p class="gray1 lh-copy">Google just announced that beginning in July 2018, with the release of Chrome 68, web pages loaded without HTTPS will be marked as “not secure”. More than half of web visitors will soon see this warning when visiting unencrypted HTTP sites.<!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/patrick/" class="fw5 f2 black no-underline">Patrick R. 
Donahue</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/https/" class="no-underline f1 fw2 blue3 underline-hover">HTTPS</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/ssl/" class="no-underline f1 fw2 blue3 underline-hover">SSL</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/chrome/" class="no-underline f1 fw2 blue3 underline-hover">Chrome</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/security/" class="no-underline f1 fw2 blue3 underline-hover">Security</a></div></div></article><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2017-11-09T16:05:00.000+00:00">November 09, 2017 4:05 PM</p><a href="/privacy-pass-the-math/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Privacy Pass - “The Math”</h6></a><p class="gray1 lh-copy">During a recent internship at Cloudflare, I had the chance to help integrate support for improving the accessibility of websites that are protected by the Cloudflare edge network. 
<!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/alex-davidson/" class="fw5 f2 black no-underline">Alex Davidson</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/privacy-pass/" class="no-underline f1 fw2 blue3 underline-hover">Privacy Pass</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/security/" class="no-underline f1 fw2 blue3 underline-hover">Security</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/captcha/" class="no-underline f1 fw2 blue3 underline-hover">CAPTCHA</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/chrome/" class="no-underline f1 fw2 blue3 underline-hover">Chrome</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/firefox/" class="no-underline f1 fw2 blue3 underline-hover">Firefox</a></div></div></article><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2017-11-09T16:00:00.000+00:00">November 09, 2017 4:00 PM</p><a href="/cloudflare-supports-privacy-pass/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Cloudflare supports Privacy Pass</h6></a><p class="gray1 lh-copy">Cloudflare supports Privacy Pass, a recently-announced privacy-preserving protocol developed in collaboration with researchers from Royal Holloway and the University of Waterloo. 
<!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/nick-sullivan/" class="fw5 f2 black no-underline">Nick Sullivan</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/privacy/" class="no-underline f1 fw2 blue3 underline-hover">Privacy</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/captcha/" class="no-underline f1 fw2 blue3 underline-hover">CAPTCHA</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/privacy-pass/" class="no-underline f1 fw2 blue3 underline-hover">Privacy Pass</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/firefox/" class="no-underline f1 fw2 blue3 underline-hover">Firefox</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/chrome/" class="no-underline f1 fw2 blue3 underline-hover">Chrome</a></div></div></article><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2017-02-01T14:57:00.000+00:00">February 01, 2017 2:57 PM</p><a href="/tls-1-3-explained-by-the-cloudflare-crypto-team-at-33c3/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">TLS 1.3 explained by the Cloudflare Crypto Team at 33c3</h6></a><p class="gray1 lh-copy">Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. 
The congress, attended by more than 13,000 hackers in Hamburg, has been one of the hallmark events of the security community for more than 30 years.<!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/filippo/" class="fw5 f2 black no-underline">Filippo Valsorda</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/tls-1-3/" class="no-underline f1 fw2 blue3 underline-hover">TLS 1.3</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/tls/" class="no-underline f1 fw2 blue3 underline-hover">TLS</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/security/" class="no-underline f1 fw2 blue3 underline-hover">Security</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/chrome/" class="no-underline f1 fw2 blue3 underline-hover">Chrome</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/firefox/" class="no-underline f1 fw2 blue3 underline-hover">Firefox</a></div></div></article><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2016-09-20T14:04:52.000+01:00">September 20, 2016 1:04 PM</p><a href="/introducing-tls-1-3/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Introducing TLS 1.3</h6></a><p class="gray1 lh-copy">The encrypted Internet is about to become a whole lot snappier. When it comes to browsing, we’ve been driving around in a beat-up car from the 90s for a while. Little does anyone know, we’re all about to trade in our station wagons for a smoking new sports car. 
<!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/nick-sullivan/" class="fw5 f2 black no-underline">Nick Sullivan</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/tls-1-3/" class="no-underline f1 fw2 blue3 underline-hover">TLS 1.3</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/tls/" class="no-underline f1 fw2 blue3 underline-hover">TLS</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/https/" class="no-underline f1 fw2 blue3 underline-hover">HTTPS</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/rsa/" class="no-underline f1 fw2 blue3 underline-hover">RSA</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/product-news/" class="no-underline f1 fw2 blue3 underline-hover">Product News</a></div></div></article><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2016-04-04T12:50:49.000+01:00">April 04, 2016 11:50 AM</p><a href="/it-takes-two-to-chacha-poly/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">It takes two to ChaCha (Poly)</h6></a><p class="gray1 lh-copy">Not long ago we introduced support for TLS cipher suites based on the ChaCha20-Poly1305 AEAD, for all our customers. Back then those cipher suites were only supported by the Chrome browser and Google&#x27;s websites, but were in the process of standardization. 
<!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/vlad-krasnov/" class="fw5 f2 black no-underline">Vlad Krasnov</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/tls/" class="no-underline f1 fw2 blue3 underline-hover">TLS</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/speed-and-reliability/" class="no-underline f1 fw2 blue3 underline-hover">Speed &amp; Reliability</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/chrome/" class="no-underline f1 fw2 blue3 underline-hover">Chrome</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/security/" class="no-underline f1 fw2 blue3 underline-hover">Security</a></div></div></article><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2014-11-10T23:28:32.000+00:00">November 10, 2014 11:28 PM</p><a href="/cloudflare-and-sha-1-certificates/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">CloudFlare and SHA-1 Certificates</h6></a><p class="gray1 lh-copy">At CloudFlare, we’re dedicated to ensuring sites are not only secure, but also available to the widest audience. 
In the coming months, both Google’s Chrome browser and Mozilla’s Firefox browser are changing their policy with respect to certain web site certificates.<!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/nick-sullivan/" class="fw5 f2 black no-underline">Nick Sullivan</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/chrome/" class="no-underline f1 fw2 blue3 underline-hover">Chrome</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/firefox/" class="no-underline f1 fw2 blue3 underline-hover">Firefox</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/https/" class="no-underline f1 fw2 blue3 underline-hover">HTTPS</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/security/" class="no-underline f1 fw2 blue3 underline-hover">Security</a></div></div></article><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2013-12-26T17:00:00.000+00:00">December 26, 2013 5:00 PM</p><a href="/using-cloudflare-to-mix-domain-sharding-and-spdy/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Using CloudFlare to mix domain sharding and SPDY</h6></a><p class="gray1 lh-copy">It’s common knowledge that domain sharding, where the resources in a web page are shared across different domains (or subdomains), is a good thing. 
<!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/john-graham-cumming/" class="fw5 f2 black no-underline">John Graham-Cumming</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/tls/" class="no-underline f1 fw2 blue3 underline-hover">TLS</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/google/" class="no-underline f1 fw2 blue3 underline-hover">Google</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/chrome/" class="no-underline f1 fw2 blue3 underline-hover">Chrome</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/spdy/" class="no-underline f1 fw2 blue3 underline-hover">spdy</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/speed-and-reliability/" class="no-underline f1 fw2 blue3 underline-hover">Speed &amp; Reliability</a></div></div></article><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2013-09-20T07:00:00.000+01:00">September 20, 2013 6:00 AM</p><a href="/why-are-some-keys-small/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Why some cryptographic keys are much smaller than others</h6></a><p class="gray1 lh-copy">If you connect to CloudFlare&#x27;s web site using HTTPS the connection will be secured using one of the many encryption schemes supported by SSL/TLS. 
<!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/john-graham-cumming/" class="fw5 f2 black no-underline">John Graham-Cumming</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/chrome/" class="no-underline f1 fw2 blue3 underline-hover">Chrome</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/google/" class="no-underline f1 fw2 blue3 underline-hover">Google</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/rsa/" class="no-underline f1 fw2 blue3 underline-hover">RSA</a></div></div></article><article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"><p class="f3 fw5 gray1" data-iso-date="2012-08-02T23:34:00.000+01:00">August 02, 2012 10:34 PM</p><a href="/spdy-now-one-click-simple-for-any-website/" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">SPDY Now One-Click Simple for Any Website</h6></a><p class="gray1 lh-copy">About a month and a half ago, CloudFlare announced limited support for SPDY as part of a private beta. SPDY is the new protocol pioneered by Google to make the web faster. If you&#x27;re curious, we&#x27;ve written about what makes SPDY speedy in previous blog posts. 
<!-- -->...</p><ul class="flex pl0 fw6 f2"><span>By<!-- --> </span><li class="list flex items-center"><div class="author-name-tooltip"><a href="/author/matthew-prince/" class="fw5 f2 black no-underline">Matthew Prince</a></div></li></ul><div class="flex flex-row flex-wrap"><div><a href="/tag/chrome/" class="no-underline f1 fw2 blue3 underline-hover">Chrome</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/firefox/" class="no-underline f1 fw2 blue3 underline-hover">Firefox</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/spdy/" class="no-underline f1 fw2 blue3 underline-hover">spdy</a></div><div><span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="/tag/speed-and-reliability/" class="no-underline f1 fw2 blue3 underline-hover">Speed &amp; Reliability</a></div></div></article><!--astro:end--></astro-island> </main></html>
