Tuesday, July 7, 2020

TLS 1.2 to TLS 1.3 Forward Proxy?

Hi. I'm a Linux sysadmin needing a bit of help understanding this from someone with deeper networking knowledge.

We have a fleet of Red Hat 6 and 7 servers and RH only provides TLS 1.3 in RH8.

We have app servers that need outbound TLS connections. Our app admins want a comprehensive upgrade to RH8 because of the better performance from 1.3.

I don't want to have to upgrade many servers for this so I wonder if we could do a TLS 1.2 -> 1.3 forward proxy to avoid a sweeping upgrade.

Are there solutions and/or appliances that could do this? We have Citrix Netscalers, FWIW.

Can you provide some context where this is undoable or a bad idea? If you have better solutions, I'm all ears.

Thanks admins and engineers.


