by simon_vetter
4101 days ago
Use these services as TCP load balancers and terminate SSL on your backends. Using a LB to offload SSL termination might seem like a good idea (you save a bit of CPU, really not more than a few percent in practice), but you expose your customer traffic to capture/inspection between the LB and your backends. This network can span multiple hops or even datacenters. Also, when the next OpenSSL vuln hits, you can patch your setup in no time and do not need to wait for the LBs to be patched at your vendor's will.