DNS & Network
TLS Termination
TLS termination is the process of decrypting TLS-encrypted traffic at a load balancer, reverse proxy, or CDN edge node and forwarding the decrypted request to backend servers. This keeps backends simpler and moves the CPU cost of TLS off the application servers. The security concern is the second hop: traffic between the edge and the backend travels in plaintext unless you also configure TLS for the origin connection (often called re-encryption, TLS bridging, or "end-to-end TLS"). "SSL passthrough" is a different design, not a name for the same thing: with passthrough the edge does not decrypt at all and simply forwards the encrypted bytes to the backend, which holds the certificate and private key itself. Encrypting the origin hop is only half the job; the edge must also verify the origin's certificate, otherwise the connection is encrypted but not authenticated and a host on the path can still impersonate the backend. PCI DSS requires strong cryptography for cardholder data transmitted over open, public networks, so if the edge-to-origin path crosses any segment you do not fully control (a CDN reaching your origin over the internet, for example), that hop is in scope.
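The following nginx configuration is an added example and is not from the original page; it shows a TLS-terminating reverse proxy with the weak setup (plaintext to the backend) commented out beside the corrected one that re-encrypts to the origin and verifies its certificate. The hostnames, file paths, upstream address and CA file are assumptions.

```nginx
# Added example (not from the original page): nginx terminating TLS for
# clients and re-encrypting to the origin. Names and paths are assumed.

upstream origin {
    server 10.0.1.10:8443;   # assumed backend that listens with TLS
}

server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/nginx/tls/app.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # WEAK: TLS ends at this proxy and the hop to the backend is plain HTTP.
    # Anything on the path between the proxy and 10.0.1.10 sees the request.
    # location / {
    #     proxy_pass http://10.0.1.10:8080;
    # }

    # CORRECTED: re-encrypt to the origin and verify who answers.
    location / {
        proxy_pass https://origin;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;

        # proxy_ssl_verify defaults to off: without these three lines the
        # origin hop is encrypted but the backend is never authenticated.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;

        # With a named upstream the default name checked is "origin", so
        # state the name the backend certificate actually carries and send
        # it as SNI so the backend can select the matching certificate.
        proxy_ssl_name origin.internal.example.com;
        proxy_ssl_server_name on;

        # Optional mutual TLS: the backend can then reject any client that
        # is not this proxy, closing the "someone bypassed the edge" hole.
        # proxy_ssl_certificate     /etc/nginx/tls/proxy-client.pem;
        # proxy_ssl_certificate_key /etc/nginx/tls/proxy-client.key;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

A quick check after deploying this: connect to the backend directly from another host on the internal segment with plain HTTP on the old port; if it still answers, the plaintext listener is still exposed and termination at the edge has not removed the interception risk. The `proxy_ssl_verify` line is the one most often missing in real configurations, and its absence is invisible from the client side because the browser only ever sees the edge certificate.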
Why it matters for your website
- Can result in interception of traffic on the unencrypted edge-to-origin hop, phishing attacks using your domain, or service disruption
- Often discovered and exploited before organizations notice
- Preventable with proper monitoring and a defensive TLS configuration that encrypts and verifies the origin connection