Can I use SSL termination for sensitive data, and if not what is the point of even using SSL with termination?

I have read, namely on Rackspace, that one should not use SSL termination for sensitive information (search the page for "SSL Termination should not be used"). Firstly, why would that be the case? Secondly, what in the world is the value of having SSL, if you can't trust that the data is securely transported?

My guess on the first question is that somebody could just add an X-Forwarded-For header with an HTTPS URL, if they knew the direct IP of the server, bypassing the load balancer entirely, and coming in on port 80. I could overcome that via iptables (only allow port 80 from the load balancer), right?

Notes: My servers are in the same private network as the load balancer (regarding the "What are the security concerns?" note in that Rackspace article).


What they're telling you is that if you choose to have the SSL endpoint on your end be in the load balancer (rather than a server that the load balancer routes to), then you should be aware that, regardless of how safe the data was on the way to the load balancer, once it leaves the load balancer it is in the clear. In a private data center it is not uncommon to have SSL processing offloaded to load balancers or specialized hardware and then have the inner pipe (the one that was formerly wrapped in SSL) continue off to regular webservers for servicing.

The warning they give is that if your cloud servers are not in the same datacenter as your load balancer, and you unwrap the SSL session in the load balancer, the traffic from there to the webservers will be transparent and routed across the public network.

As for your speculation on the X-Forwarded-For stuff, you misunderstood what they meant. They are saying that if your web service wants to ensure that clients are using SSL, but you are stripping off the SSL wrapper at the load balancer, you can have the load balancer stick an extra header on the request for your webserver, so that you know the client DID use SSL even though your webserver will say that no SSL is in use.

Hope that helps you out.
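The header the first answer describes is only trustworthy when the backend knows the request really came from the load balancer, which is the same gap the question's iptables rule is meant to close. The following is an added example, not code from either poster or from Rackspace: a backend-side check that believes `X-Forwarded-Proto` (assumed here to be the header the load balancer injects) only when the TCP peer is in a constructed trusted range (`10.0.0.0/24`, not a value from the question).

```python
import ipaddress
from typing import Iterable, Mapping

# Constructed value (not from the question): the address range your load
# balancer connects from. Anything else is a direct hit on the backend.
TRUSTED_PROXIES = ("10.0.0.0/24",)


def from_trusted_proxy(remote_addr: str,
                       trusted: Iterable[str] = TRUSTED_PROXIES) -> bool:
    """True only when the TCP peer is one of the load balancer addresses."""
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in ipaddress.ip_network(net) for net in trusted)


def effective_scheme(remote_addr: str, direct_scheme: str,
                     headers: Mapping[str, str],
                     trusted: Iterable[str] = TRUSTED_PROXIES) -> str:
    """Return the scheme the end client used ("http" or "https").

    direct_scheme is what the backend itself saw on the wire. The
    X-Forwarded-Proto header is believed only when the connection came from
    a trusted proxy; a request that reaches the backend directly gets no
    credit for carrying the header itself.
    """
    if not from_trusted_proxy(remote_addr, trusted):
        return direct_scheme
    lowered = {k.lower(): v for k, v in headers.items()}
    # If several proxies appended values, the first is the one nearest the client.
    forwarded = lowered.get("x-forwarded-proto", "").split(",")[0].strip().lower()
    return forwarded if forwarded in ("http", "https") else direct_scheme


def client_used_tls(remote_addr: str, direct_scheme: str,
                    headers: Mapping[str, str],
                    trusted: Iterable[str] = TRUSTED_PROXIES) -> bool:
    """Gate sensitive handlers on this instead of on the raw header."""
    return effective_scheme(remote_addr, direct_scheme, headers, trusted) == "https"


if __name__ == "__main__":
    # Terminated at the LB, forwarded in the clear over the private network.
    print(client_used_tls("10.0.0.5", "http", {"X-Forwarded-Proto": "https"}))  # True
    # Direct connection on port 80 carrying the same header: not trusted.
    print(client_used_tls("203.0.113.9", "http", {"X-Forwarded-Proto": "https"}))  # False
```

This check complements, rather than replaces, the firewall rule: even if port 80 is restricted to the load balancer, the application should still decide on scheme from a source it can verify.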


The Rackspace doc you mention is a little unclear, but I believe the intent is this:

You want sensitive information using SSL as much as possible (all the way from the client to your database).

If you enable SSL termination at the load balancer tier, the security stops there (sensitive data would be transmitted in plaintext between your load balancer tier and your app tier).

I believe that this is the intent in the documentation. You should avoid any unencrypted transfer of sensitive data.

Yes, you might be in the same 'private network', but your customers will be better served with encrypted traffic end to end.

Best of luck.