- We have turned off header compression in TLS
- We have turned off header compression in SPDY 3.1
- We have turned off RC4
- We have turned off SSL 3.0
- We support TLS_FALLBACK_SCSV
- We don't support renegotiation with clients
- We have disabled DHE ciphersuites
- We have disabled the export-grade ciphers
These mitigations are designed to protect against the following attacks -
CRIME, BREACH, POODLE, RC4 Cryptographic Weaknesses, SSL Renegotiation Attack, Protocol Downgrade Attacks, FREAK and LogJam
In addition to this, we have also patched our servers against HEARTBLEED, Lucky Thirteen and the CCS injection vulnerability. Finally the CloudFlare WAF has had rules added to it to mitigate several of these vulnerabilities including Heartbleed and ShellShock.
BEAST is primarily a client side attack. BEAST uses a Java applet to violate the same origin policy on browsers in order to exploit a well known CBC vulnerability in TLS 1.0. The CBC vulnerability exploited in BEAST had actually been known since 2002, but it wasn't until 2011 that a practical demonstration was made at Blackhat. There is still no BEAST exploit "in the wild". As BEAST is a client side issue much of the focus has been on mitigating it client side too. As of October 2013 all modern browsers have implemented the recommended mitigations to fix the BEAST attack. The only viable mitigation that exists for older, vulnerable browsers is to prioritize RC4 over CBC in TLS 1.01. However given that RC4 carries a much more serious vulnerability - a vulnerability for which there are both working proof of concepts for as well as indications that other more sophisticated attackers may have broken the cipher completely. Consequently we at CloudFlare have chosen to stick with CBC until it comes time for us to switch off TLS 1.0 entirely. At any point, this position may change depending on how the threat landscape evolves.