End of the road for RC4
Today, we completely disabled the RC4 encryption algorithm for all SSL/TLS connections to CloudFlare sites. It's no longer possible to connect to any site that uses CloudFlare using RC4.
Over a year ago, we disabled RC4 for connections for TLS 1.1 and above because there were more secure algorithms available. In May 2014, we deprecated RC4 by moving it to the lowest priority in our list of cipher suites. That forced any browser that had a good alternative to RC4 to use it. Those two changes meant that almost everyone who was using RC4 to connect to CloudFlare sites switched to a more secure protocol.
Back in May, we noted that some people still needed RC4, particularly people using old mobile phones and some Windows XP users. At the time, 4% of requests using RC4 came from a single phone type: the Nokia 6120.
At the time, we noted that roughly 0.000002% of requests to CloudFlare were using the RC4 protocol. In the last 9 months, that number is halved and so, although some people are still using RC4, we have decided to turn off the protocol. It's simply no longer secure.
The remaining users are almost Continue reading
This man pressed Print. What happened next left me speechless.
Although I attended HP Discover in Barcelona as a guest of the folks at HP Networking (via their Independent Bloggers program), I didn’t restrict myself to looking at etherstuff; HP makes way too broad a portfolio of products to get away with that. I ended up looking at printers, and I found something that pretty much blew me away.
Before I forget, please accept my apologies for the clickbait headline. I’ve always wanted to do one of those; but unlike so many others I’ve seen, I hope that this article won’t disappoint. You’ll see “the man” in the headline in a video later.
A Sign of the Times
It was hard to miss at HP Discover that HP believes in eating their own dog food. The signage at the event – many large, inspiring, multicultural images reminding us that HP’s mission is to provide “solutions for the New Style of IT” – was all printed on HP printers. The signs looked pretty amazing, I have to say:
Not only were they printed using HP products, but the poster tells you which printer was used, you know, in case you wanted to buy one for your spare bedroom or something:
Given the price Continue reading
Networking Field Day – Afterwards – Cisco ACI
I first need to give a shout out to @_vCarly and her amazing skills at the white board, I only wish my white boarding design were half clean as that! If @_vCarly were to a host a white boarding session at CLUS this year I would most likely attend! I suppose we should discuss the […]
Carrier Supporting Carrier – CSC
CSC Carrier Supporting Carrier is a hierarchical MPLS VPN architecture between the Service Providers. Service is an MPLS VPN service mostly but doesn’t have to be as you will see throughout the post. Customer carrier ( Provider ) receives an MPLS VPN service from the Core/Backbone carrier. Although CSC architecture is not common in real… Read More »
The post Carrier Supporting Carrier – CSC appeared first on Network Design and Architecture.
Getting Inside the Loop
Metadata doesn’t just apply to data science or protocols — it applies to engineering life. Think about the concept of epistomology — the study of how we know what we know — or the concept of hermeneutics — the study of how we understand communication — and you can quickly see that stepping outside what we are doing to examine how we are doing it is a common human experience (see Lewis’ Meditation in a Tool Shed as another instance).
But how does this apply to the engineering life? It’s called process — now, before you click off the page, scurrying away in shock, process isn’t a bad thing. In fact, process can be a good set of “guard rails” in the way we live our lives, something to remind us not to run off the road (like positive thinking signs), or even physically/mentally “bump” us in the right direction.
This week I’d like to kick off a short series on one process I learned in the US Air Force, and have used in many ways over the years — the OODA Loop. Originally developed by USAF Colonel John Boyd, and designed to help pilots deal with Continue reading
SSL Week Means Less Weak SSL
I'm excited to announce that today kicks off SSL Week at CloudFlare. Over the course of this week, we'll make a series of announcements on what we're doing to improve encryption on the Internet.
Inherently, for encryption to be the most effective, it has to meet three criteria: 1) it needs to be easy and inexpensive to use; 2) it needs to be fast so it doesn't tax performance; and 3) it needs to be up to date and ahead of the latest vulnerabilities.
Easy, Fast & Secure
Throughout CloudFlare's history, these priorities have guided our approach to encryption. Last September, we announced Universal SSL and brought world class encryption to every CloudFlare customer, even those on our Free service plan. While that effort doubled the size of the encrypted web, our work is far from done. This week we're announcing a series of initiatives that further our efforts to ensure we provide the easiest, fastest, and most secure encryption.
While Universal SSL made it easy to ensure that the connection from a device to CloudFlare was secure, this week we're going to begin the process of making it easy (and free) to ensure the connection from CloudFlare back to Continue reading