Exactly. HTTPS is for the public-facing Nginx proxy. No reason to require a cert... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		spb on Feb 20, 2015 \| parent \| context \| favorite \| on: Extracting the SuperFish certificate Exactly. HTTPS is for the public-facing Nginx proxy. No reason to require a cert to encrypt traffic on the internal bridge to the app.

nickysielicki on Feb 23, 2015 [–]

No reason?

https://plus.google.com/+BrandonDowney/posts/SfYy8xbDWGG

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact