ietf

Re: IETF web site behind CloudFlare

2014-09-16 23:23:00
On 17/09/14 02:24, Paul Wouters wrote:
> How does this mechanism work when there is traffic using TLS? Is there a
> MITM cert?

According to CloudFlare Support
(<https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-three-SSL-options-off-Flexible-Full-mean->)
there are options for how SSL (or TLS rather) operates. It can be User
--TLS--> CloudFlare --> Server (as they put it: front-end over TLS,
back-end over TLS) or User --TLS--> CloudFlare --TLS--> Server (as they
put it: front-end over TLS, back-end unencrypted).

CloudFlare receive a valid certificate from GlobalSign (it would seem)
and present that to the browser. Although you do have the option to
upload your own private key for 'Business and Enterprise plans'. While
I can't find their justification for requesting them, I don't believe
it constitutes a MITM certificate. It's also likely that other CDN
providers have similar setups as well.

Regards,
Tom Thorogood.

[Disclosure: Fully satisfied CloudFlare customer.]