Hacker News
by mdouglass 3208 days ago
Is there any intent to add TLS termination? That’s a dealbreaker for us switching from the classic load balancer. Otherwise this looks really awesome, thanks!

I don't think they can add TLS termination because of the way it's implemented. NLB runs on Layer 4 - the transport layer that TCP/UDP run on. TLS technically runs on top of the transport layer.
That’s kind of the answer I was expecting, just hoping it wasn’t the case. From the marketing material they really want you to move, but not having a solution to offload TLS makes it impossible for us. And it worries me to see the CLB getting effectively deprecated with it an alternative
ALB can term TLS for h2 and wss: https://aws.amazon.com/elasticloadbalancing/ sounds like that's what you might want?
Unfortunately we are currently on a custom TCP-based protocol (we're in the game space). But yes, this is more incentive for us to consider h2 or wss.
I'm hopeful AWS will follow this up with ACM supporting SSL certs on instances, so you can run a Let's Encrypt equivalent on each instance, providing TLS end-to-end encryption.
Huh? It's no different than ELB.