Re: SSL termination for private domains

Carlo Alberto Ferraris

Our current policy to our users is SNI by default, i.e. unless they explicitly require non-SNI TLS termination they get SNI termination. We went with this because browser support seems good[1] and because there are "easy" (albeit manual) workarounds (request a non-SNI VIP, use a CDN).

Granted, even with SNI TLS termination in gorouter we should still be able to perform TLS termination somewhere else for the few cases in which no SNI is really a requirement - but for this it's enough to not change the HTTP listener behavior.


Join { to automatically receive all group messages.