CloudFlare Adds SSL To All Customers In Advance Of Google’s Focus On Security

Google dancers have been in a tizzy recently after the company announced that secure websites will be ranked higher in listings, a move that has made a million SEO salespeople instant experts in SSL (and improved the general security of the web.) CloudFlare, a company that launched at Disrupt, has one-upped them all, however, by offering free and easy encryption to all of their customers.

According to company estimates, only 2 million websites are SSL encrypted. As of today, however, the company encrypted two million more, essentially “doubling the size of the encrypted web.”

“We didn’t just enable basic SSL for free, we enabled cutting-edge cryptography and made it free and easy for anyone,” said Nick Sullivan, Security Engineering Lead at CloudFlare in a release. “The cryptographic systems we’re rolling out as part of Universal SSL are a generation ahead of what is used by even the top Internet giants. These certificates use elliptic curve digital signature algorithm (ECDSA) keys, ensuring all connections with CloudFlare sites have Perfect Forward Secrecy, and they are signed with ECDSA and the highly secure SHA-256 hash function. This is a level of cryptographic security most web administrators literally couldn’t buy.”

While even the most benighted would agree that this is primarily a marketing move – anyone who needs SSL probably already has it – Google’s decision to consider it a ranking signal plus CloudFlare’s efforts to secure the web are noble. Most web interactions are sent in the clear and it makes no sense for us to send our emails, messages, and deepest thoughts over a network that is trivial to read and trace. This puts a stumbling block up that would give everyone except the most industrious hacker (and the NSA) pause.

Setting up the feature is easy. It is a free service and the company will issue an SSL certificate “within 24 hours.” Once the certificate is available all Internet connectivity between the server and the user can be encrypted. It’s definitely a good talking point when comparing competing hosting offerings and I suspect it will make a lot of mom and pop sites feel at least a little bit safer.