[EXTERNAL] Re: Flow collection and analysis

Eric Kuhnke eric.kuhnke at gmail.com
Fri Jan 28 02:22:34 UTC 2022

If the purpose of the software is not to be a dedicated purpose http
daemon, use something that already exists with a deep feature set that can
be configured as needed for the purpose, such as apache2 with openssl or

It's not reasonable to expect that the developers of elastiflow reinvent
the wheel and write their own httpd with TLS support, if it can be easily
put "behind" apache2 or nginx. The risks of having people who aren't full
time httpd specialists write their own http daemon and mitigate every
possible security risk in a TLS setup are greater than using what already

It's a one page size configuration file in nginx.

On Wed, 26 Jan 2022 at 05:17, Laura Smith via NANOG <nanog at nanog.org> wrote:

> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Wednesday, January 26th, 2022 at 11:08, Eric Kuhnke <
> eric.kuhnke at gmail.com> wrote:
> > elastiflow is extremely easy to run on an httpd listening only on
> localhost and proxy behind a simple nginx TLS1.2/1.3 only configuration
> listening on port 443.
> >
> I don't know about anyone else here, but frankly in 2022 TLS support
> should be a first class citizen.
> If I have to mess around with running something else as a proxy in front
> of it then that's the end of my software evaluation.
> Crypto is no longer "nice to have" option these days.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220127/93a95583/attachment.html>

More information about the NANOG mailing list