Bitcoin Forum
Topic: Cloudflare sites relinquishing SSL private keys?
agent13 (OP)
November 30, 2013, 08:30:05 PM
 #1

Is it correct that in order for a site to utilize Cloudflare to protect them from DDoS on port 443 (SSL), that site must install their CA signed cert (private key) on Cloudflare's servers? I think Cloudflare did a deal with a CA to even streamline this process.

Regardless of how data between Cloudflare and the site's real IP is subsequently proxied, does this effectively mean that said site must implicitly trust Cloudflare and any parent it may be answerable to? Is this a MITM scenario?

Due to the nature of SSL and CA infrastructure in general, I don't think there is a way around this natively. Is there a way for a third party to filter (i.e. from flood) your SSL data securely? If not, perhaps some JS crypto could fill the gap between site and user? Of course, secure JS delivery has its own problems under such a scenario.
TheoryOfBitcoin
December 01, 2013, 06:20:56 AM
 #2

You don't need to install a CA cert, you just paste your SSL private key to Cloudflare.
agent13 (OP)
December 01, 2013, 06:41:57 AM
 #3

> You don't need to install a CA cert, you just paste your SSL private key to Cloudflare.

That is my point. Cloudflare then sees the unencrypted data. Apparently this is of no concern?
agent13 (OP)
December 01, 2013, 06:43:12 AM
 #4

Why this was moved to "Off-topic" I do not understand. I originally posted in Economy/Marketplace. Many Bitcoin sites use Cloudflare.
b!z
December 01, 2013, 08:22:12 AM
 #5

> > You don't need to install a CA cert, you just paste your SSL private key to Cloudflare.
>
> That is my point. Cloudflare then sees the unencrypted data. Apparently this is of no concern?

I guess many websites trust Cloudflare enough to share their SSL keys.