CloudFlare has over two million registered websites using their free cloud service. In an attempt to keep them on the service and draw in more free users, CloudFlare will now add Universal SSL to every new user account.
SSL or secure socket layers offers a higher level of encryption between a website and user. The user will be able to check the website out through HTTPS (HTTP Secure), keeping them away from any viruses or programs sitting on the website.
This is a big move by CloudFlare, to push their own SSL service out for free. Normally, SSL certificates cost a few dollars per year and hosting providers normally try to attach their SSL security onto the hosting cost, to grab a bit extra from website owners.
There are a few changes to the typical SSL, in order for CloudFlare to scale their SSL to two million websites. The first is legacy support, CloudFlare’s SSL will only support modern browsers that support the ECDSA.
CloudFlare pointed to two problems with not supporting legacy browsers, Windows XP and Android pre-Ice Cream Sandwich, so basically the 20 percent of people still running Gingerbread. These users still won’t be secure, but anyone still running Windows XP should know that they are not secure.
Some other issues with Universal SSL is it is not implemented on default, unlike their paid SSL support. This means users either have to go to your website via HTTPS or you need to find a free SSL certificate and then tack on CloudFlare.
There seems to be some trouble internally with the rollout of CloudFlare SSL. The team has pushed back estimations of delivery until October 3, following the vast amount of people looking for free SSL support.