Sure. The point is, don't bother letting the apps themselves do TLS termination. Too much work that's better handled by something else.
Sure. The point is, don't bother letting the apps themselves do TLS termination. Too much work that's better handled by something else.
Also, moving termination off the endpoint server makes it much easier for three letter agencies to intercept + log.
Most responsible orgs do TLS termination on the public side of a connection, but will still make a backend connection protected by TLS, just with a internal CA.