Cloudflare Free SSL for everyone!

No, not as happy as it sounds.

Recently cloudflare announced they would release free SSL certification for all their clients; paid and free.

 

Now, I’ve tested it on this site https://mcdonell.space and my browser’s client security settings hate it (Firefox Aurora Nightly Build). CSS isn’t protected under SSL unless I allow the security risk, meaning it’s broken like this http://puu.sh/cpHNC/40d386cc16.png.
The problem being is that my hosting doesn’t support SSL mainly because I couldn’t be bothered to purchase it, but wait there’s more.

The SSL Certificates we get are signed with SHA-1. It’s an outdated and insecure hashing algorithm used to ID digital signatures. Man in the middle attacks can be ran using forged certificates against legitimate users – hopefully not too many free cloudflare sites without hosting SSL are shopping related!

Cloudflare should renew their Universal SSL Certificates with SHA-256 signatures before 2016!

Until next time, McDoSpace.

 

Leave a Reply

Your email address will not be published.