Aug 31, 2018
In follow-up to my comment about the packets exiting the SSH tunnel, traversing the VPC and hitting the RDS instance… while I’ve never looked to see whether that content is transmitted using SSL, I know it isn’t, at least in my case of hitting an HTTPS endpoint. The HTTPS endpoint (Apache Tomcat) responded with an error when trying to hit the port using HTTP; when I switched to HTTPS all worked fine… if SSH were to establish the SSL connection to the HTTPS port I wouldn’t have needed to use HTTPS, and for that matter wouldn’t be able to use HTTPS, since then it would be doubly encrypted, and Apache Tomcat, having only decrypted the once, wouldn’t know what to do with the still-encrypted packets hitting it.