zlacker

[return to "Tell HN: HN Moved from M5 to AWS"]
1. wging+j6[view] [source] 2022-07-09 02:25:26
>>1vuio0+(OP)
> Unlike CF, AWS does not support TLS1.3. This is not working while HN uses the AWS IP.

This seemed implausible so I looked into it, and it's wrong as stated (at best, it needs to be made more precise to capture what you intended). First, you've mentioned Cloudflare, but the equivalent AWS product (CloudFront) does support TLS 1.3 (https://aws.amazon.com/about-aws/whats-new/2020/09/cloudfron...).

HN isn't behind CloudFront, though, so you probably mean their HTTP(s) load balancers (ALB) don't support TLS 1.3. Even that's an incomplete view of the load balancing picture, since the network load balancers (NLB) do support TLS 1.3, https://aws.amazon.com/about-aws/whats-new/2021/10/aws-netwo....

◧◩
2. Aeolun+z7[view] [source] 2022-07-09 02:33:15
>>wging+j6
NLB’s support everything that goes over TCP or UDP, that’s not exceptionally surprising.
◧◩◪
3. WatchD+sa[view] [source] 2022-07-09 02:53:08
>>Aeolun+z7
Yeah but NLB can offload TLS from the app, which is what the parent commenter linked to. It’s not just passing through the TLS from the app(which is also possible).
[go to top]