Closed johnugeorge closed 8 years ago
The transport layer of secure-forward is just normal SSL/TLS. This plugin makes an application layer to authenticate/authorize clients/servers on top of it. The application layer on top of the transport layer is almost the same as the "forward" protocol of the Fluentd built-in plugin.
But currently, the secure-forward plugin protocol always requires an authentication/authorization handshake, and the forward plugin cannot understand such a handshake protocol, so you cannot use the Fluentd forward plugin as servers behind SSL/TLS terminators. That problem will be solved by this pull request, which will be merged in v0.14.x. https://github.com/fluent/fluentd/pull/813
I have some questions regarding the secure forward plugin design.
Why was the plugin designed to have a separate custom protocol over SSL? If it was simple SSL for securing client-server connections, we could have used other systems (load balancers like HAProxy, Nginx) to terminate the SSL. Moreover, it could have been faster with a standard SSL connection. What are the reasons for using a custom protocol over SSL?