Re: TLS for everything

Home Messages Hashtags Subgroups

Peter Burkholder #9164 We may run into similar requirements for cloud.gov, so TLS everywhere would be A+. toggle quoted message Show quoted text On Tue, Sep 15, 2020 at 1:45 PM Jon Price <jon.price@...> wrote: Hi everyone, There has been a lot of excellent progress in securing all CF traffic with TLS and as far as I can tell there are only a few things that are still unencrypted. Is there a timeline or any plans for these last few things? 1) routing-api - still using both TLS and non-TLS in the cf-deployment. The http endpoint is what is registered in the router. Is there a reason for still enabling both? 2) metrics-discovery-registrar-windows - not using nats-tls hostname, falling back to 4222 3) route_registrar - not using nats-tls 4) gorouter - not using nats-tls We have a requirement that all traffic on the network is encrypted and I would really love to stop running IPsec. :) Jon Price Intel Corp. -- - Peter Burkholder \| cloud.gov compliance & security please use cloud-gov-compliance@... for cloud.gov matters 202-709-2028 \| peter.burkholder@... \| pronouns he-him Free/Busy Calendar
More All Messages By This Member

Join {cf-dev@lists.cloudfoundry.org to automatically receive all group messages.