More and more websites are looking to enable SSL encryption to protect their visitors from eavesdroppers and hackers. Now web infrastructure company CloudFlare will make it a bit easier by adding that feature to the free version of its hosting service.
Revelations about government snooping and Google’s decision to prioritize sites with encryption turned on in its search results have given SSL a big push.
However, cost and complexity have meant that before Monday fewer than 0.4 percent of websites were encrypted, according to CloudFlare. It aims to boost that with Universal SSL, which works regardless of budget or technical know-how, the company said. The two million sites that today use the free version of CloudFlare’s service will be the first that are able to take advantage of the feature.
Having encryption may not seem important to a small blog, but it’s critical to advancing the “encrypted-by-default future” of the Internet, according to CloudFlare. Every byte that’s protected makes life more difficult for those who wish to intercept, throttle, or censor the web, the company said in a blog post on Monday.
For sites that didn’t have SSL before, CloudFlare will use its Flexible SSL mode by default. That means traffic from browsers to CloudFlare will be encrypted, but traffic from CloudFlare to a site’s server will not. Site owners need to install a certificate on their web servers to encrypt that segment, as well. To help, CloudFlare will publish a blog post with instructions.
A bonus with Universal SSL is that the feature is compatible with SPDY, a protocol used to speed up web traffic by minimizing latency.
As with many free services there are some limitation compared to paid plans. The main one in this case is that Universal SSL only works with modern browsers, which excludes about 20 percent of web requests. To get support for all browsers, users need to sign up for CloudFlare Pro (which costs from US$20 per month), Business or Enterprise.