[Openstack-security] SSL proxies vs. native SSL support
Bryan D. Payne
bdpayne at acm.org
Wed Mar 26 16:05:12 UTC 2014
>
> Should the effort then shift to running the services in these real web
> servers to take advantage of better SSL performance and not leave an
> exposed underbelly?
>
Ideally yes, but that's a relatively big change for a relatively small
gain. The "exposed underbelly" in this case isn't such a big deal in the
grand scheme of things. Basically it is just transporting some information
in the clear __within a local system__.
> I'm not sure I follow your reasoning on the HTTPConnection/requests change
> though. On the one hand these web servers pay closer attention to security
> and yet the OpenStack clients are replacing their insecure client library.
> So it seems to me that it is gaining attention. And really, that is where
> the big problem is anyway with some clients not doing any sort of
> validation now.
>
Requests is great, but it still doesn't get nearly the security /
performance scrutiny that projects like Apache or Nginx receive.
-bryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140326/73363875/attachment.html>
More information about the Openstack-security
mailing list