Hacker News
by rdl 3806 days ago
If it's all going in AWS, I don't see a huge difference between terminating in the ELB vs. terminating on the VMs. It might help you if the ELB got misconfigured, but AWS managing/provisioning the keys keeps them safe from being misplaced, too, so on balance it's probably better.

If you had on-premise servers, or a different/more secure host vs. intermediary/load-balancer, I could see the value of end to end (especially if you have a long-lived cert, a pinned cert, EV, whatever).

(and of course crypto between the intermediary and the servers, if it's not on a physically secured LAN segment)

1 comments

Some forms of compliance require end-to-end encryption for certain transmissions. PCI is one that comes to mind.