It's good to see CloudFlare are going to make this free. In planning the launch of my own new site/blog/thing (hopefully launching soon), the one thing that's really stopping me considering SSL isn't the cost of certificates (which can be had for peanuts anyway if you don't care too much which CA you use) it's the ongoing costs and increased server load.
Right now, launching without CloudFlare would almost certainly result in the unfortunate death of my VPS. SSL would only expediate that. OTOH, the minimum paid CloudFlare package would quadruple my hosting costs - I'm not running enterprise scale infrastructure for my personal site!
If CloudFlare do make it part of their free package, I will definitely use SSL by default.
I can't reveal that at the moment. That will be part of the announcement in mid-October. I can say that this will not require anyone to install new root certs in browsers etc.
To quote it: "Second, at CloudFlare we've cleared one of the last major technical hurdle before making SSL available for every one of our customers -- even free customers. We're on track to roll out SSL for all CloudFlare customers by mid-October."
Wow, that's a lot of duplicate articles about this reaching the front page, one of which already contains a complaint about the mods changing the title. They could really do with merging these articles together.
I've previously suggested a feature to show title change histories under the title, before the comments, because certain comments make no sense after the title is changed.
I'd also like to suggest a similar feature for merges whereby when there are separate articles talking about the same thing, the canonical one gets used as the main link and others submissions are retained, again, under the title, before the comments.
> We're on track to roll out SSL for all CloudFlare customers by mid-October. When we do, the number of sites that support HTTPS on the Internet will more than double
To be secure, won't this require your customers to set up HTTPS between CloudFlare and their hosting providers, which will require additional manual setup with their hosting provider, assuming they even support HTTPS? It seems rather optimistic to assume that enough customers can/will do this to result in a doubling of sites supporting HTTPS on the Internet.
You can use a self signed cert between CloudFlare and your server by the looks of it. The optimistic point though I agree on. Hopefully there's some way of telling if your traffic from CF to origin is secure.
Wouldn't want the next big community to be fake-secure to save a few quid
Thanks for the link. I'm really surprised by the presence of the "flexible" option since it provides little more than a facade of security. (A self-signed cert is also insecure, though less so, unless there's some way to pin it on the CloudFlare side.)
Right now, launching without CloudFlare would almost certainly result in the unfortunate death of my VPS. SSL would only expediate that. OTOH, the minimum paid CloudFlare package would quadruple my hosting costs - I'm not running enterprise scale infrastructure for my personal site!
If CloudFlare do make it part of their free package, I will definitely use SSL by default.