|
|
|
|
|
|
by daemon13
4627 days ago
|
|
|
thank you for update >> I still believe that using PFS, even with this limitation, is safer ... I definitely agree, the problem is that usually there is more than 1 web server :-) >> The standard is still to point clients to a single termination endpoint, and do active/passive cluster, so that there's no need to share the session tickets. Sorry, I did not understand (esp. the active/passive cluster thing) - could you please may be add some pointers (blog post, etc) with more details? |
|
|
I think that what he means is that you terminate SSL on the load balancers (= single termination endpoint), then have your cluster beneath it (non-SSL/TLS, or new SSL/TLS connection, thus different tickets)