by daveasdf
4279 days ago
This was indeed a pleasant surprise when I logged into my CloudFlare account. What intrigues me is that CloudFlare missed an opportunity to allow secure self-signed certificates. The new CloudFlare SSL setup allows the origin server to present to CloudFlare's servers either (i) an unverified self-signed certificate; or (ii) a certificate signed by a CA. Neither provides great security. In the former case, a MITM can trivially generate a new self-signed certificate. History has shown the latter case is also problematic, as there have been several events where CAs have generated invalid keys [1]. What would be nice is if I could generate a self-signed certificate and upload the fingerprint(s) to CloudFlare. CloudFlare could then verify the fingerprint when connecting to my origin server, without needing to trust a CA. Am I missing anything obvious as to why this wouldn't be as secure (or more secure) than the two options CloudFlare has introduced?

[1]: For instance: http://googleonlinesecurity.blogspot.com.au/2013/12/further-...
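The fingerprint check described in the comment above, as an added Go example that is not part of the comment, of CloudFlare's product, or of any project: the connecting side trusts no CA at all and accepts an origin only when the SHA-256 fingerprint of its DER leaf certificate equals a value pinned in advance, so a second self-signed certificate (the MITM case) is refused. Keys and certificates are constructed in-process over an in-memory pipe; the names selfSigned, fingerprint, pinnedConfig and handshake are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"math/big"
	"net"
	"time"
)

// selfSigned makes a throwaway self-signed origin certificate (constructed data, not a real origin key).
func selfSigned() tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
}

// fingerprint is SHA-256 over the DER leaf: the value the origin owner would upload to the proxy.
func fingerprint(der []byte) [32]byte { return sha256.Sum256(der) }

// pinnedConfig trusts no CA at all; it accepts only the leaf whose fingerprint equals pin.
func pinnedConfig(pin [32]byte) *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true, // chain and hostname checks are replaced by the pin check below
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 || fingerprint(rawCerts[0]) != pin {
				return errors.New("origin certificate does not match pinned fingerprint")
			}
			return nil
		},
	}
}

// handshake runs a pinned client against a server presenting serverCert over an in-memory pipe; nil means accepted.
func handshake(serverCert tls.Certificate, pin [32]byte) error {
	cliEnd, srvEnd := net.Pipe()
	go func() {
		defer srvEnd.Close()
		srv := &tls.Config{Certificates: []tls.Certificate{serverCert}, SessionTicketsDisabled: true}
		tls.Server(srvEnd, srv).Handshake() // fails on its own once the client rejects the certificate
	}()
	err := tls.Client(cliEnd, pinnedConfig(pin)).Handshake()
	cliEnd.Close() // close the raw pipe; a TLS-level Close() would block on the synchronous pipe
	return err
}
```

Swapping the pinned value for the fingerprint of a different certificate makes handshake return an error, which is exactly the behaviour a CA-free fingerprint check gives against a substituted self-signed certificate.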