undefined | Better HN

0 pointsr1ch9y ago0 comments

Why provide the option to use unencrypted origin connections then? If a customer wants SSL, make them do it right.

0 comments

3 comments · 1 top-level

michaelt9y ago· 2 in thread

Presumably because some people have backends that don't support SSL (e.g. anything hosted on S3) and CloudFlare thought "eh, some encryption is better than nothing, and they're going to let us MITM their encrypted connection anyway so they're obviously not a bank or something really important"

nileshtrivedi9y ago

Good example where "false sense of security" can trump "something is better than nothing".

taf29y ago

it still is providing more security. yes it has a security hole, but for example if i'm in starbucks - you can't sniff out my cookies over the ssl encrypted traffic. Sure a backend provider can, but it's a layer of protection... I suppose an interesting question here is there away for the browser client to detect this type of hole and alert end users to the risk...

1 more reply

j / k navigate · click thread line to collapse