Cloudflare Releases New Encryption Features


Cloudflare is pushing for wider and better-configured encryption on the internet, and it has announced the rollout of three new encryption features: TLS 1.3, Automatic HTTPS Rewrites, and Opportunistic Encryption.

Leading the announcement is TLS 1.3, which removes legacy cryptographic options that TLS 1.2 still allows, such as the RSA key exchange (which offers no forward secrecy), CBC-mode and RC4 ciphers, and SHA-1 in the handshake. TLS 1.2 has been around since 2008 and is sound when configured well, but it is often not configured well, and a poorly configured TLS 1.2 deployment is exposed to attacks that a well-configured one is not. TLS 1.3 makes it much easier for server administrators to deploy secure-by-default HTTPS: the weak options are simply gone, so there is less to get wrong. It is also faster. A full TLS 1.2 handshake costs two round trips between browser and server before any application data flows; TLS 1.3 completes it in one, and a resumed connection can send data on its very first flight (0-RTT, which is replayable and should only carry idempotent requests). Halving the round trips matters most on high-latency links such as cellular networks. All Cloudflare customers can now turn on TLS 1.3 in the Crypto tab of the Cloudflare dashboard. Note that TLS 1.3 is still an IETF draft at this point: the protocol is available to use, but the specification is not yet final, and a finished version is expected soon.

Automatic HTTPS Rewrites is Cloudflare's push to get users to move their entire site, not just some pages, to HTTPS. Back in 2014, Cloudflare introduced Universal SSL, which gave every site on its network a free SSL certificate. Even with a certificate available, some sites could not go fully secure because of 'mixed content': a page served over HTTPS that loads sub-resources over plain HTTP. Browsers respond to this by warning the user about passive mixed content (such as images) and blocking active mixed content (such as scripts and stylesheets) outright, which breaks the page. Faced with that, many administrators simply left their sites on HTTP. Cloudflare claims that Automatic HTTPS Rewrites eliminates the mixed content problem by rewriting 'http://' to 'https://' in the page source for every sub-resource whose host is known to serve the same content over HTTPS. That qualification matters: rewriting a reference to a host that does not support HTTPS would trade a warning for a broken resource, so the feature only rewrites references it knows are safe to rewrite.
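To make the mechanism concrete, here is an added example (not Cloudflare's code) of what a response-body rewriter has to do: find plain-http sub-resources in an HTTPS page, classify them as active or passive mixed content, and rewrite only those whose host is on an allowlist of hosts known to serve HTTPS. The allowlist, the hostnames and the sample page are constructed for the example; the real feature consults its own data about which hosts support HTTPS.

```python
"""Mixed-content scanner and HTTPS rewriter (added example, not Cloudflare code)."""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Constructed allowlist of hosts known to serve identical content over HTTPS.
# It stands in for the data a real rewriter consults; the names are hypothetical.
HTTPS_CAPABLE_HOSTS = frozenset({"cdn.example.com", "fonts.example.net"})

# http:// sub-resources loaded by these tags are *active* mixed content, which
# browsers block; anything else (img, audio, video, ...) is *passive* and only
# triggers a warning.
ACTIVE_TAGS = frozenset({"script", "link", "iframe", "object", "embed"})

# Matches src="http://..." or href="http://..." inside a start tag and captures
# the tag name. Enough for a worked example of a response-body rewriter; it is
# not a general HTML parser.
SUBRESOURCE_RE = re.compile(
    r'<(?P<tag>[A-Za-z][\w:-]*)\b[^>]*?(?<![\w-])(?P<attr>src|href)="(?P<url>http://[^"]*)"',
    re.IGNORECASE,
)


def classify(tag: str) -> str:
    """Return 'active' or 'passive' for an http:// reference loaded by *tag*."""
    return "active" if tag.lower() in ACTIVE_TAGS else "passive"


def find_mixed_content(html: str) -> list[tuple[str, str, str]]:
    """List (tag, url, kind) for every plain-http sub-resource in an HTTPS page."""
    found = []
    for m in SUBRESOURCE_RE.finditer(html):
        tag = m.group("tag").lower()
        if tag == "a":  # hyperlinks are navigations, not sub-resources
            continue
        found.append((tag, m.group("url"), classify(tag)))
    return found


def rewrite_to_https(html: str, https_hosts=HTTPS_CAPABLE_HOSTS) -> tuple[str, list[str]]:
    """Rewrite http:// sub-resources whose host is known to support HTTPS.

    Returns (rewritten_html, left_behind). URLs in left_behind were *not*
    rewritten because their host is not in the allowlist: blindly switching
    them would replace a mixed-content warning with a broken resource.
    """
    left_behind: list[str] = []

    def _sub(m: re.Match) -> str:
        tag = m.group("tag").lower()
        url = m.group("url")
        if tag == "a":
            return m.group(0)
        host = urlsplit(url).hostname or ""
        if host not in https_hosts:
            left_behind.append(url)
            return m.group(0)
        # Swap only the scheme inside the URL group; keep the rest of the tag.
        whole = m.group(0)
        url_off = m.start("url") - m.start()
        return whole[:url_off] + "https://" + url[len("http://"):] + '"'

    return SUBRESOURCE_RE.sub(_sub, html), left_behind


# Constructed sample page: one rewritable stylesheet and script, one image on a
# host with no HTTPS, one resource already on HTTPS, and one ordinary link.
SAMPLE_PAGE = (
    '<html><head>\n'
    '<link rel="stylesheet" href="http://fonts.example.net/site.css">\n'
    '<script src="http://cdn.example.com/app.js"></script>\n'
    '</head><body>\n'
    '<img src="http://images.legacy-ads.example/banner.png">\n'
    '<script src="https://cdn.example.com/already.js"></script>\n'
    '<a href="http://partner.example.org/">partner</a>\n'
    '</body></html>\n'
)

if __name__ == "__main__":
    for tag, url, kind in find_mixed_content(SAMPLE_PAGE):
        print(f"{kind:7} {tag:6} {url}")
    rewritten, skipped = rewrite_to_https(SAMPLE_PAGE)
    print(rewritten)
    print("could not rewrite:", skipped)
```

Run against the sample page, the stylesheet and script move to https:// while the image on the HTTPS-less ad host is reported rather than rewritten; that reported remainder is exactly the case the next feature, Opportunistic Encryption, exists for.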

Some sites include sub-resources that cannot be served over HTTPS at all (third-party ads are the usual case), so they stay on HTTP entirely. Cloudflare's answer is Opportunistic Encryption: an HTTP site that has not yet moved to SSL can still be reached over an encrypted HTTP/2 connection, so it gets the speed improvements of HTTP/2 without changing any URLs. The plaintext response carries an Alt-Svc header advertising that the same origin is also reachable over TLS on port 443 with HTTP/2; a supporting browser then transparently connects there for subsequent requests. Because the address bar still shows http://, the browser applies no mixed-content rules, so the HTTP-only ads keep loading. The trade-off is that the guarantee is weaker than HTTPS: the user sees no padlock, and since the first request and the Alt-Svc header travel in plaintext, an active on-path attacker can strip the header and keep the session unencrypted. It defends against passive eavesdropping, not against a network attacker willing to tamper. As of now, Mozilla Firefox is the only browser that supports opportunistic encryption.
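The client side of this upgrade comes down to parsing the Alt-Svc field value (RFC 7838) and picking an alternative to connect to. The following is an added example, not Cloudflare's or Firefox's code: a small parser for the header grammar plus a selector that accepts only an "h2" alternative, matching the HTTP/2-only upgrade described above. The response headers are constructed for the example, and the parser deliberately skips malformed entries and does not handle IPv6 literal hosts.

```python
"""Alt-Svc header parser for HTTP/2 opportunistic encryption (added example)."""
from __future__ import annotations

from typing import NamedTuple
from urllib.parse import unquote


class AltService(NamedTuple):
    protocol: str   # ALPN id, e.g. "h2"
    host: str       # "" means "same host as the origin"
    port: int
    max_age: int    # seconds the client may cache the alternative
    persist: bool   # keep using it across network changes (persist=1)


DEFAULT_MAX_AGE = 86400  # RFC 7838 default when the ma parameter is absent


def _unquote(value: str) -> str:
    """Strip one layer of double quotes from a quoted-string parameter."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return value


def parse_alt_svc(header: str) -> list[AltService]:
    """Parse an Alt-Svc field value into usable alternatives.

    Returns [] for "clear". Entries whose authority lacks a numeric port are
    skipped rather than guessed. IPv6 literal hosts are not handled here.
    """
    value = header.strip()
    if not value or value.lower() == "clear":
        return []
    results = []
    for entry in value.split(","):
        parts = [p.strip() for p in entry.split(";") if p.strip()]
        if not parts or "=" not in parts[0]:
            continue
        proto, _, authority = parts[0].partition("=")
        host, sep, port_s = _unquote(authority).rpartition(":")
        if not sep or not port_s.isdigit():
            continue
        max_age, persist = DEFAULT_MAX_AGE, False
        for param in parts[1:]:
            name, _, pval = param.partition("=")
            name, pval = name.strip().lower(), _unquote(pval)
            if name == "ma" and pval.isdigit():
                max_age = int(pval)
            elif name == "persist":
                persist = pval == "1"
        results.append(AltService(unquote(proto.strip()), host, int(port_s), max_age, persist))
    return results


def pick_h2_upgrade(headers: dict[str, str]) -> AltService | None:
    """Choose the h2 alternative an opportunistic-encryption client would use.

    Only "h2" qualifies, since the upgrade is to an encrypted HTTP/2 connection.
    Returns None when the response offers no usable alternative, which is also
    what the client sees after an on-path attacker strips the header from the
    plaintext response.
    """
    raw = next((v for k, v in headers.items() if k.lower() == "alt-svc"), None)
    if raw is None:
        return None
    for alt in parse_alt_svc(raw):
        if alt.protocol == "h2":
            return alt
    return None


# Constructed plaintext response headers from an http:// origin behind a
# proxy offering opportunistic encryption (values are illustrative).
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Alt-Svc": 'h2=":443"; ma=2592000; persist=1, hq=":443"',
}

if __name__ == "__main__":
    print(parse_alt_svc(SAMPLE_HEADERS["Alt-Svc"]))
    print(pick_h2_upgrade(SAMPLE_HEADERS))
    print(pick_h2_upgrade({"Content-Type": "text/html"}))  # header stripped: None
```

The empty host in the parsed result means "same host as the origin", which is how a proxy tells the browser to come back to the same name over TLS on 443. The final call in the usage block shows the stripping problem from the paragraph above: a response with no Alt-Svc header, whether because the site never sent one or because someone on the path removed it, yields no upgrade and the session silently stays in plaintext.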
