You can configure an ELB to do straight TLS passthrough, using TCP 443 -> TCP 443. The ELB is load balancing streams it can't read, and the TLS configuration is passed through from the underlying instance(s).
At a minimum, I have to update the ELB document in this repo to allow for this possibility, which I wasn't aware of when I wrote it.
But more than that, I want to benchmark the process to make sure it's not prohibitively non-performant. I'll plan to use wrk for the job.
konklone
commented
9 years ago
You can configure an ELB to do straight TLS passthrough, using TCP 443 -> TCP 443. The ELB is load balancing streams it can't read, and the TLS configuration is passed through from the underlying instance(s).
At a minimum, I have to update the ELB document in this repo to allow for this possibility, which I wasn't aware of when I wrote it.
But more than that, I want to benchmark the process to make sure it's not prohibitively non-performant. I'll plan to use
wrkfor the job.