To save people a long read, there's nothing particularly surprising in these details. The key is held by the origin; when a computation using the key is needed, the origin is asked to perform it over a secure connection. They have improved support for session resumption in a distributed environment (which is even more important now that key computations are even slower); this is commonly done as closed-source, and CloudFlare have promised to open-source it.
Good improvements, and session resumption is important to implement, but nothing groundbreaking.