What are the security concerns with SSL termination?

After SSL termination decrypts the data at the Cloud Load Balancer, it passes the unencrypted data to any nodes that are configured for that device.  If you have nodes that are not in the same data center as the SSL-enabled load balancer, that unencrypted data is sent over the public IInternet to those nodes. Therefore we recommend that you use an SSL-enabled load balancer only with nodes that reside in the same data center as the load balancer. The proximity allows the load balancer to use the nodes’ private IP addresses (the ServiceNet) to limit unencrypted traffic to within the data center’s network, as illustrated in the following diagram.

© 2015 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

See license specifics and DISCLAIMER