The Cloudflare Blog: Automatically Secure: how we upgraded 6,000,000 domains by default to get ready for the Quantum Future

Sep 24, 2025

—

Source URL: https://blog.cloudflare.com/automatically-secure/
Source: The Cloudflare Blog
Title: Automatically Secure: how we upgraded 6,000,000 domains by default to get ready for the Quantum Future

Feedly Summary: After a year since we started enabling Automatic SSL/TLS, we want to talk about these results, why they matter, and how we’re preparing for the next leap in Internet security.

AI Summary and Description: Yes

Summary: The text outlines Cloudflare’s Automatic SSL/TLS service, which automatically upgrades domain encryption to the most secure mode available without customer intervention. This evolution is crucial for maintaining web security as it addresses the changing landscape of internet traffic and potential vulnerabilities posed by quantum computing. The insights into TLS evolution, along with Cloudflare’s proactive measures, highlight significant advancements in encryption protocols that security professionals should monitor to stay ahead in web security practices.

Detailed Description: The provided text discusses the evolution and implementation of Cloudflare’s Automatic SSL/TLS service, illustrating its core objectives: enhancing web security by default and adapting to the changing internet security landscape due to emerging threats such as quantum computing. Below are the key points covered:

– **Automatic SSL/TLS Overview**
– Automatically scans origin server configurations and upgrades to the best supported encryption mode.
– Over 6 million domains have been automatically upgraded, enhancing security without customer intervention.

– **Transport Layer Security (TLS) Overview**
– TLS enables secure communications between clients and servers through a handshake process that establishes a shared secret key.
– TLS 1.3 optimizes speed and security, reducing latency compared to its predecessor TLS 1.2.

– **Post-Quantum Cryptography (PQC)**
– Transitioning to PQC is crucial due to the potential future threat of quantum computers compromising current encryption standards.
– Cloudflare is integrating hybrid key agreements using classical and post-quantum algorithms to prepare for quantum threats.

– **CDN Influence on TLS**
– The rise of Content Delivery Networks (CDNs) has changed how TLS is implemented, creating separate layers for browser-edge and edge-origin communications.
– Automatic SSL/TLS serves as a bridge, modernizing encryption while still accommodating legacy origins.

– **User Behavior and Automation Challenges**
– Despite recommendations for improved encryption modes, only 30% of users followed through. Automatic SSL/TLS addresses this by executing upgrades automatically.

– **Monitoring and Reporting**
– The service includes a proactive scanning mechanism to ensure that domains are consistently checked for optimal security configurations, with updates communicated to customers for visibility.

– **Future Developments**
– Cloudflare plans to add features like ad-hoc scans for immediate evaluation of origin configurations and enhanced error surfacing for better customer control.
– Efforts to integrate PQC automatically into the Automated SSL/TLS framework are underway, ensuring both improved security and performance in connection establishment.

In summary, this content demonstrates practical implications for security and compliance professionals, emphasizing the need for awareness of emerging encryption standards and proactive measures in security practices. Cloudflare’s innovations aim to simplify the complex landscape of web security, making robust protections accessible to all internet users.

1 2 3 a access Act addresses advancement advancements after AI algorithm algorithms All and art as at ated Auto Automatic SSL automation aware awareness Behavior Best Bi bot browser by C challenge challenges CI CIA class cli client clients Cloud Cloudflare co Col communication Communications. compliance compliance professionals compute computer Computing Configuration configurations content Content Delivery content delivery network content delivery networks Content Delivery Networks (CDNs) control core Crypto cryptography Current custom Customer customer control D de default demo development developments DNS domain domains e edge emerging emerging threats encryption encryption modes encryption protocol Encryption Protocols Encryption Standards end error evaluation fault feature features for framework future future developments g Go grade graph H hands handshake high Highlight HR http HTTPS hybrid implementation implications implications for security in Influence innovation Innovations insights inter intern internet internet security internet traffic io ite J k Key l land latency layer security led Li line long low M making man matt measures media Mode Modern Monitor monitoring N network networks next no o of on only ons OPM opt oS out over per performance point porting post post-quantum post-quantum cryptography potential practical implications practices pre pro proactive proactive measures process professionals protection protocol protocols ps Q quantum quantum algorithms quantum computers quantum computing quantum cryptography Quantum Threat quantum threats R rate RCE re ready recommendations red report reporting Ro RoT row s scanning sec secure secure communication secure communications security security and compliance security configurations security landscape security practices security professionals server server configuration servers service SHA Sig Sim source speed SSE SSL SSO standards STAR start support T ted text the threat threats TLS to Tor TP traffic transition Transport Layer Security Transport Layer Security (TLS) two under up update updates upgrade upgrades US use user user behavior Users V val Valuation visibility vulnerabilities WAN Ware web Web Security Wi x z