If I am correct, this bug only exposed HTTP requests, and all requests through TLS were never exposed…
Olof Haglund

No, *everything* is affected. When using CloudFlare, TLS doesn’t protect your data because CloudFlare is (by design!) intercepting the requests and re-encrypting them, which is precisely the thing TLS was supposed to prevent.

I’ve written more about this problem at http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem/, but the summary is: consider any TLS going through CloudFlare to be ‘fake’ TLS. It doesn’t provide the security you think it does.

Sven Slootweg