It appears CloudFlare, the DNS CDN (among other features company, has significantly beat their own deadline. Initially promising mid-October to enable SSL for all of their free customers, the company announced they have begun the roll-out of that feature today. They are still provisioning free clients for their new Universal SSL service but upon signing in, you’ll be greeted with a popup layer announcing the change.
From what I have seen, CloudFlare appears to be implementing the feature in such a way that there can be little complaint. The feature will default to their Flexible SSL mode for sites without HTTPS before. This will allow visitors to find the site by adding https in the URL but not mandate it for others. Site owners can optionally configure page rules on CloudFlare to redirect all sites onto the HTTPS version of their sites.
The Flexible SSL encrypts traffic from CloudFlare to the site visitor but the traffic between CloudFlare and the origin server is left unencrypted. Later today, CloudFlare promises another blog post with instructions on how to encrypt the traffic between the origin server and CloudFlare for their Full or Strict SSL modes.
There are two downsides to CloudFlare’s SSL that I have heard. While they have conquered most technical limitations with CPU load and IPv4 exhaustion, they are dependent on site visitors having modern browsers in order to handle this version of SSL. If a client cannot update their browser to one that supports Server Name Indication or SNI, they could always visit the HTTP version of the site. Alternatively, the paid version of CloudFlare has SSL that supports all browsers.
The other critique has been the wildcard domain SSL certificates that CloudFlare uses means some questionable sites and domains could be listed alongside your site within the certificate. It’s not somewhere that the average user is going to be poking around but particularly with free sites now being enabled, this only further reduces that barrier of entry.
Last month, Google announced that it would take HTTPS into weighted consideration for determining a site’s PageRank. CloudFlare’s Universal SSL should make many site owners happy to benefit from the site improvement while the security of the web will also increase as will the size of the SPDY universe, Google’s improvement to faster traffic processing for SSL-enabled sites.