By Eduard Kovacs on September 22, 2014
Content delivery network and web security provider CloudFlare has introduced a new feature that allows customers to take advantage of the company's solutions without ever having to hand over their private SSL keys.
Private SSL keys are highly sensitive because they can be leveraged by a malicious actor to spoof an organization's identity and intercept traffic. That is why, over the past two years, CloudFlare has been working on introducing keyless SSL.
The idea emerged after CloudFlare had a meeting in the fall of 2012 with representatives of a major bank, which at the time was targeted with distributed denial-of-service (DDoS)attacks by alleged Iranian hackers of the Izz ad-Din al-Qassam Cyber Fighters group.
"The bankers all acknowledged what they needed was a cloud-based solution that could scale to meet the challenges they faced. Unfortunately, since they needed to support encrypted connections, that meant the cloud-based solution needed to terminate SSL connections," Matthew Prince, the CEO and co-founder of CloudFlare, wrote in a blog post.
SecurityWeek/ full article here/ http://www.securityweek.com/cloudflare-introduces-keyless-ssl
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.