Re: TLS for everything

Home Messages Hashtags Subgroups

Miki Mokrysz <miki.mokrysz@...> #9165 +1 on desiring everything to be encrypted on the network. We’re under the impression that Silk (apps.internal) traffic between cells is also unencrypted. On Tuesday, 15 September 2020, Peter Burkholder via lists.cloudfoundry.org <peter.burkholder=gsa.gov@...> wrote: toggle quoted messageShow quoted text We may run into similar requirements for cloud.gov, so TLS everywhere would be A+. On Tue, Sep 15, 2020 at 1:45 PM Jon Price <jon.price@...> wrote: Hi everyone, There has been a lot of excellent progress in securing all CF traffic with TLS and as far as I can tell there are only a few things that are still unencrypted. Is there a timeline or any plans for these last few things? 1) routing-api - still using both TLS and non-TLS in the cf-deployment. The http endpoint is what is registered in the router. Is there a reason for still enabling both? 2) metrics-discovery-registrar-windows - not using nats-tls hostname, falling back to 4222 3) route_registrar - not using nats-tls 4) gorouter - not using nats-tls We have a requirement that all traffic on the network is encrypted and I would really love to stop running IPsec. :) Jon Price Intel Corp. -- - Peter Burkholder \| cloud.gov compliance & security please use cloud-gov-compliance@... for cloud.gov matters 202-709-2028 \| peter.burkholder@... \| pronouns he-him Free/Busy Calendar
More

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.