I am currently working on an Adobe CQ5 (CMS) application that will be serving sensitive information, so communications should be encrypted using SSL end-to-end.
The problem is that it is not currently possible for a Dispatcher (caching reverse proxy) to talk to a publish instance directly using SSL. On the Enabling HTTP over SSL page, there is a link to a knowledgebase article that describes configuration for CQ4 using stunnel.
The solution will run on Windows Server 2008 hosts.
My questions are:
- Is this secure?
Could an attacker with access to the dispatcher box "sniff" traffic going into the tunnel? - Are there any alternatives?