1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
What I do know is that any traffic from the ALB to a target that is using SSL doesn’t strictly follow SSL standards.
The alb does not care if it connects to a target that’s running a self signed cert or a cert that’s expired.
That said you will never know if there’s a “man in the middle”
However, the information you have found regarding vpc traffic encryption is true which is transparent.
If it’s really a concern then end to end encryption may be needed to meet certain controls and standards. That’s I guess a business decision.
Not sure if that helps answer your question.
Contenuto pertinente
- AWS UFFICIALEAggiornata 3 anni fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 4 mesi fa
- AWS UFFICIALEAggiornata 2 anni fa
"However, the information you have found regarding vpc traffic encryption is true which is transparent.", sure, but is AWS encrypting with the Caesar cipher, or are they doing something else? AWS seems confident in their encryption enough to tell users that it exists, so, they should make us confident in their encryption by telling us how it works.