yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1523222] Re: [RFE] Add LBaaSv2 TLS re-encryption to backend members

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1523222@xxxxxxxxxxxxxxxxxx>
Date: Tue, 12 Apr 2016 04:17:45 -0000
Reply-to: Bug 1523222 <1523222@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1523222

Title:
  [RFE] Add LBaaSv2 TLS re-encryption to backend members

Status in neutron:
  Expired

Bug description:
  Most of the load balancers allow termination of TLS connections. A load balancer may run a TLS connection on the client side while running an unencrypted connection at the server side - which is called offloading and is currently supported by the LBaaSv2 API.
  Another common practice is terminating the TLS connection at the load balancer - in order to allow L7 decision making or header manipulation, and running a TLS session on the server side. This is not supported by the current implementation.

  This involves two items:
  - Allowing a protocol of HTTPS for members.
  - Toggling the bits in the haproxy config file that connect via tls to members, instead of cleartext.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1523222/+subscriptions

References

[Bug 1523222] [NEW] LBaaSv2 TLS support is limited to offloading
From: Kobi Samoray, 2015-12-06