(Not sure if this is more "The Lounge" worthy.) CloudFlare today announced that customers using their free offering will now have the ability to encrypt their connection by default (functionality that was initially only available on higher-tier plans). They're referring to this upgrade as "Universal SSL" and are rolling it out to all users throughout the day. A much more detailed explanation of what they're doing can be found here, on their blog. I'm an advocate of using encryption whenever and wherever possible, and as such I think this is a huge step in the right direction. This being said, I'm confused as to what's being offered here. Are they encrypting by way of auto-provisioning SSL certificates for every customer's connection? Or are they simply enabling any given customer to purchase an SSL certificate and use it with their CloudFlare-protected websites? I have not used CloudFlare in a while and their service has evolved pretty quickly. From the blog entry linked above, they make it sound as if they're automatically securing their customers connections with some sort of certificate that has been developed for "mass use." Bottom line: my understanding of how they're doing this is incredibly limited. Thoughts? I'm genuinely interested in seeing how this pans out for them.