Wednesday, March 17, 2021

Where do you terminate SSL for PeopleSoft?

Most PeopleSoft implementations have some sort of firewall/load balancer appliance in front of PeopleSoft. As an administrator, one question we have to answer is, "Where do we terminate SSL?" And the answer seems so obvious, most don't even ponder the question. What is the obvious answer? Terminate at the load balancer. Why? Because that is why they exist. SSL/TLS is what they do, and they do it well. What's the alternative? Carry SSL all the way to Weblogic, and terminate at the PeopleSoft web server. Weblogic is amazing at what it does, but it isn't a security appliance. And that is why the obvious answer is to terminate at the load balancer. But here is my question:

Are you reencrypting the traffic between the load balancer and PeopleSoft?

Do you encrypt all the way to Weblogic or do you terminate at the load balancer, thereby passing sensitive information in plain text behind the firewall?

Over the last several years I have heard fantastic security presenters recommend SSL termination at the load balancer level (for good reason). But they always end encryption at the load balancer. They don't encrypt behind the firewall. Why not? The most common reason is performance. Encryption isn't free. And if encryption is expensive, why encrypt behind the firewall? Here are two reasons:

  1. Your network might not be as secure as you think it is. A great example is NASA's breach implemented through a Raspberry PI.
  2. PeopleSoft-delivered service operations expect encryption.
As a developer, I defer to the network infrastructure design team. If they say the network is secure, I take their word for it. But take a look at reason #2. There are several PeopleSoft-delivered service operations that verify encryption at the Weblogic level. If I want to use those delivered service operations, I either need to:
  • Carry SSL/TLS all the way to Weblogic or
  • Modify the Service Operation.
Which would you prefer?