2023-12-08, 08:07 AM
Thanks for the reply. I am still a little unclear.
Multi services one port... could be useful I suppose. I understand that JF isn't hardened, but how does that apply here? Seems like you said the reverse proxy would handle the SSL handshake and choose the cipher... ok sure, but doesn't it just pass things on to the server after that? How is that functionally more secure than having JF do the handshake if the data is then just passed through the proxy to the server? It would be the same cert, right? So after the encryption is negotiated, the proxy would just pass anything good or bad through to the server anyway, right? Perhaps taking the CPU strain of the initial encryption from the host machine and putting that on the proxy?
How would it provide more security than the hardened network appliance I use as a gateway now? I don't just hang JF off a public IP and hope for the best.