TLS for everything
There has been a lot of excellent progress in securing all CF traffic with TLS and as far as I can tell there are only a few things that are still unencrypted.
Is there a timeline or any plans for these last few things?
1) routing-api - still using both TLS and non-TLS in the cf-deployment. The http endpoint is what is registered in the router. Is there a reason for still enabling both?
2) metrics-discovery-registrar-windows - not using nats-tls hostname, falling back to 4222
3) route_registrar - not using nats-tls
4) gorouter - not using nats-tls
We have a requirement that all traffic on the network is encrypted and I would really love to stop running IPsec. :)