I have a situation that can be better illustrated in the network diagram below.

My scenario:

  • Client Web Server (external party) is using TLS 1.2.
  • In my network, My Web Server is fronted by a NLB (Network Load Balancer).
  • The NLB is using TLS 1.2, supporting 2-way certificate authentication between Client Web Server and NLB over an HTTPS connection.
  • My Web Server (old server) is using TLS 1.0.

Network diagram

Questions:

1) Is it the best practice / recommendation to terminate (i.e. offload the TLS 1.2 certificate) at the NLB side?

2) If I want to maintain HTTPS connection between the NLB to My Web Server, what options do I have? Note that My Web Server (old server) is using TLS 1.0. Are there any limitations to options?

Any recommendation will be appreciated.

Thanks, Medan


1 Answer

If "Sample Network" is a trusted network, and access is limited to machines (and possibly people) that are fully trusted (such as in a DMZ), then it would be better to terminate TLS at the load balancer, and have plain HTTP between the LB and the web server.

Is there any requirement to have HTTPS between the load balancer and the web server - what advantage does it give?

SilverlightFox
  • The reason why HTTPS is required between LB and web server is because there is still a requirement to encrypt the data up to web server receiving it. Will a new cert be required from LB to web server? – medan Dec 04 '15 at 05:06
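
As an added illustration that is not part of the original question, answer or comment: an HAProxy configuration standing in for the NLB (the choice of HAProxy, and every path, address and certificate name, are assumptions). It terminates the TLS 1.2 mutual-authentication leg from the Client Web Server at the load balancer and then shows both backends the thread discusses: plain HTTP to the trusted web server, which is what the answer recommends, and a second, independent TLS session to the old TLS 1.0 server, which is what the question and the comment ask about. The second leg needs its own server certificate on the web server and a trust anchor for it on the LB; the certificate presented by the Client Web Server is not reused or forwarded.

```haproxy
# Added example, not part of the original question or answer.
# Hypothetical HAProxy configuration standing in for the NLB; every path,
# address and certificate name below is an assumption.

global
    log stdout format raw local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# External leg: TLS 1.2 only, and the Client Web Server must present a
# certificate chained to client-ca.pem (the "2-way" authentication).
frontend fe_client_web_server
    bind :443 ssl crt /etc/haproxy/certs/nlb.pem ca-file /etc/haproxy/certs/client-ca.pem verify required ssl-min-ver TLSv1.2
    # Pass the authenticated client identity to the backend in a header;
    # the client certificate itself does not travel on the second leg.
    http-request set-header X-Client-Cert-CN %{+Q}[ssl_c_s_dn(cn)]
    http-request set-header X-Forwarded-Proto https
    default_backend be_web_reencrypt

# Option A (the answer's recommendation when the LB-to-server network is
# trusted): TLS ends at the LB, plain HTTP to the web server.
backend be_web_plain
    server web1 10.0.0.10:80 check

# Option B (what the question asks for): a separate TLS session to the old
# server. It needs its own server certificate on the web server, issued by an
# internal CA that the LB trusts (internal-ca.pem); the external leg's
# certificate is not reused. Because the old server only speaks TLS 1.0 this
# leg is pinned to TLS 1.0, which is the limitation: RFC 8996 deprecates it,
# and many distributions ship OpenSSL with a TLS 1.2 minimum, so the LB host
# may refuse to negotiate it at all until that policy is relaxed.
backend be_web_reencrypt
    server web1 10.0.0.10:443 ssl verify required ca-file /etc/haproxy/certs/internal-ca.pem ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.0 sni str(my-web-server.internal) check
```

The two legs are independent TLS sessions, so the Client Web Server's TLS 1.2 session is unaffected by the TLS 1.0 limit on the internal leg; the weakness is confined to the LB-to-server hop, and the data is still exposed in plaintext inside the LB process between the two sessions.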