Comment by soheil

8 years ago

What are the benefits of terminating SSL early at the CDN level? It seems to me the risks associated with not having SSL still remain; they're just shifted to between the CDN and the backend. Is it much more than just giving lip service to SSL and getting away with things like browser restrictions, etc.?

DDoS protection and general ease of use. There are several options for the extent of encryption between CF's edge and the origin server, but the onus is on the site owner to configure it properly.

Sure, it defeats the ideals about TLS and the internet in general, à la "every connection should be point to point", but we've been ruining that with firewalls and NATs for a long time, and having some degree of TLS is still better than nothing at all.

> It seems to me the risks associated with not having SSL still remain; they're just shifted to between the CDN and the backend

Exactly, it's a really bad idea for anyone who cares about their users' privacy. It's essentially an opt-in MITM attack...one that, apparently, leaks data everywhere.