Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What are you quoting from? That text doesn't appear in the linked article.


This is how SSL works if you use Cloudflare. You have to hand them your private key. Also the article doesn't state this, I would guess they mean that everyone on their service should use ssl (maybe they will enable ssl on their free plan or something). I may be wrong, lets see what they will write on their blog.


My understanding is that they generate their own ssl key and certificate to use on your site. So they mitm your site, yes (I don't see how their service could work otherwise). If you're worried that they could enable the NSA to decrypt all your site's traffic: yes, they could do that.

But if you're worried that they could enable the NSA to decrypt all your site's past traffic: no, I don't see how they could do that.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: