On Wed, 2014-02-19 at 22:01 -0800, Stephen Balukoff wrote: > Front-end versus back-end protocols: > It's actually really common for a HTTPS-enabled front-end to speak > HTTP to the back-end. The assumption here is that the back-end > network is "trusted" and therefore we don't need to bother with the > (considerable) extra CPU overhead of encrypting the back-end traffic. > To be honest, if you're going to speak HTTPS on the front-end and the > back-end, then the only possible reason for even terminating SSL on > the load balancer is to insert the X-Fowarded-For header. In this > scenario, you lose almost all the benefit of doing SSL offloading at > all!
This is exactly correct. > If we make a policy decision right here not to allow front-end and > back-end protocol to mismatch, this will break a lot of topologies. Yep. Best, -jay _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
