CloudFlare CEO Matthew Prince said he believes that users should not have to pay to be safe online.
CloudFlare CEO Matthew Prince said he believes that users should not have to pay to be safe online.

Website performance and security company CloudFlare announced on Monday that it would be supporting SSL connections to every customer – that includes about two million who have signed up for its free service.

The undertaking is being called Universal SSL and is being rolled out to all CloudFlare customers throughout Monday, after which it will be activated within 24 hours for new customers who sign up for the free plan, according to a Monday post by Matthew Prince, CEO of CloudFlare.

CloudFlare has been supporting SSL for paid customers since the company launched four years ago, but Prince believes that users should not have to pay to be safe online, he told SCMagazine.com in a Monday email correspondence.

“Increasingly, the Internet is moving to an encrypted-by-default standard, with new protocols such as SPDY and HTTP/2 requiring an encrypted connection,” Prince said. “We think it's important to make sure even smaller sites don't get left behind.”

What can happen to websites that do not have SSL enabled? Ultimately, Prince said, anyone can intercept, throttle or modify content as it flows across the internet. He added that a lack of encryption causes many of the most troubling issues on the internet.

“Encryption, for instance, is ultimately the solution to network neutrality – if bytes are encrypted then an ISP can't tell one from another and change how they're delivered,” Prince said. “Encryption is also the solution for authoritarian regimes that try to censor certain content.”

Now, CloudFlare will automatically provision a SSL certificate on its network that accepts HTTPS connections for customer domains and subdomains, according to the post, which explains that the certificates include an entry for the root domain and a wildcard entry for all first-level subdomains.

Websites without any SSL previously will be defaulted to CloudFlare's Flexible SSL option. By securing the connection from the device browsing a site and CloudFlare's network, Flexible SSL solves 95 percent of risk associated with passing unencrypted traffic online, Prince said.