Re: TLS for everything

Home Messages Hashtags Subgroups

Miki Mokrysz <miki.mokrysz@...> #9165 +1 on desiring everything to be encrypted on the network. We’re under the impression that Silk (apps.internal) traffic between cells is also unencrypted. toggle quoted messageShow quoted text On Tuesday, 15 September 2020, Peter Burkholder via lists.cloudfoundry.org <peter.burkholder=gsa.gov@...> wrote: We may run into similar requirements for cloud.gov, so TLS everywhere would be A+. On Tue, Sep 15, 2020 at 1:45 PM Jon Price <jon.price@...> wrote: Hi everyone, There has been a lot of excellent progress in securing all CF traffic with TLS and as far as I can tell there are only a few things that are still unencrypted. Is there a timeline or any plans for these last few things? 1) routing-api - still using both TLS and non-TLS in the cf-deployment. The http endpoint is what is registered in the router. Is there a reason for still enabling both? 2) metrics-discovery-registrar-windows - not using nats-tls hostname, falling back to 4222 3) route_registrar - not using nats-tls 4) gorouter - not using nats-tls We have a requirement that all traffic on the network is encrypted and I would really love to stop running IPsec. :) Jon Price Intel Corp. -- - Peter Burkholder \| cloud.gov compliance & security please use cloud-gov-compliance@... for cloud.gov matters 202-709-2028 \| peter.burkholder@... \| pronouns he-him Free/Busy Calendar
More

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.