I was checking to add a Listener for my AWS network load balancer, was exploring the TLS option as TLS operates over a TCP connection for data encryption.
But then read this in the AWS docs:
"If you need to pass encrypted traffic through to the targets without the load balancer decrypting it, create a TCP listener on port 443 instead of creating a TLS listener."
I want the traffic to be encrypted and was wondering if using the TCP, makes the data transmission be less secure.
TLS
is easier to use, as LB will decrypt the traffic, and then (generally) send the unencrypted traffic to your instances. Otherwise, if you just use TCP
, entire encrypted traffic passes through LB, and you have to develop your applications to decrypt the traffic yourself.
was wondering if using the TCP, makes the data transmission be less secure.
No, it makes it more secure, as LB does not handle decryption. Its only up to you to decrypt it on the instances.