top | item 8149737

guyht | 11 years ago

Could you elaborate on this? My impression was that connections between data centres (e.g. in the case of using an EC2 instance with Cloudflare) were already very secure and therefore do not require SSL.

eli | 11 years ago

Depends what you're trying to protect against. Those links are notably very insecure against the NSA.

agwa | 11 years ago

Right. If there were a diagram of this architecture, the NSA would scribble "SSL added and removed here" with a smiley face[1]. It's arguably even worse, since the traffic between CloudFlare and the origin server would be traveling in the clear on the public Internet, as opposed to in the clear within Google's private network.

[1] http://www.washingtonpost.com/world/national-security/nsa-in...

rdl | 11 years ago

There is also the practical concern for the NSA that Cloudflare is a well-resourced, highly motivated company which has publicly committed to protecting customer data. It would be a lot easier to push around a small company or non-profit, especially a company which didn't have the resources or freedom to defend itself. It would certainly be possible to try to get a company like CloudFlare, Twitter, etc. to bend to the NSA's will, but they know they are basically guaranteed a fight. Much safer to go to a smaller hosting provider or the end-user organization or personnel themselves.

nly | 11 years ago

It's reasonable to suppose that the NSA have a whole bunch of private signing keys for a whole bunch of CAs, and will just MITM anyone they please regardless of our puny efforts.