Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
xienze 4 days ago

Sure. The point is, don't bother letting the apps themselves do TLS termination. Too much work that's better handled by something else.

hedora 4 days ago | parent [-]

Also, moving termination off the endpoint server makes it much easier for three letter agencies to intercept + log.

qmarchi 3 days ago | parent [-]

Most responsible orgs do TLS termination on the public side of a connection, but will still make a backend connection protected by TLS, just with a internal CA.