nanog mailing list archives

Re: [EXTERNAL] Re: Flow collection and analysis


From: Chris Adams <cma () cmadams net>
Date: Wed, 26 Jan 2022 08:26:38 -0600

Once upon a time, Laura Smith <n5d9xq3ti233xiyif2vp () protonmail ch> said:
I don't know about anyone else here, but frankly in 2022 TLS support should be a first class citizen.

If I have to mess around with running something else as a proxy in front of it then that's the end of my software evaluation.

Crypto is no longer "nice to have" option these days.

Having everything under the sun trying to implement the complexities of
TLS leads to lots of failures and security issues... so lots of web
things are designed to be simple and only implement HTTP, listen on
localhost, and let a well-optimized front-end (e.g. nginx) handle the
crypto side (as well as all the weird things browsers do).

It also makes it easier from a system admin point of view, because
handling cert updates in nginx is easy and well-known, so you don't have
to figure out 27 different ways alternate software handles certs and
updates.

-- 
Chris Adams <cma () cmadams net>
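The split described above (application speaks plain HTTP on localhost, nginx terminates TLS in front of it) looks roughly like the following nginx configuration. This is an added illustration, not configuration from the thread or from Chris Adams; it assumes the application listens on 127.0.0.1:8080 and uses placeholder certificate paths and hostname.

```nginx
# Added example (not from the thread): nginx as the TLS front-end for a
# plain-HTTP application that listens only on localhost.
# Assumptions: the application is bound to 127.0.0.1:8080; the hostname
# and certificate paths below are placeholders.

# Redirect cleartext requests to HTTPS so nothing is served over port 80.
server {
    listen 80;
    listen [::]:80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name app.example.com;

    # Certificate and key. Renewal means replacing these two files and
    # reloading nginx (nginx -s reload); the application never touches them.
    ssl_certificate     /etc/ssl/app.example.com/fullchain.pem;  # placeholder
    ssl_certificate_key /etc/ssl/app.example.com/privkey.pem;    # placeholder

    # Protocol and session settings live in one place, for every backend.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        # The backend is plain HTTP and reachable only from this host.
        proxy_pass http://127.0.0.1:8080;

        # Tell the application who the real client is and that the original
        # request arrived over TLS, so redirects and absolute URLs it
        # generates are correct.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The arrangement only delivers its benefit if the backend really is bound to the loopback address rather than 0.0.0.0; after starting the application, confirm with `ss -ltn` that port 8080 appears as `127.0.0.1:8080` and not `0.0.0.0:8080`, otherwise the cleartext HTTP listener is exposed alongside the TLS one and the `X-Forwarded-*` headers can be set by anyone reaching it directly.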

