Is there a way of achieving SSL pinning with Azure Application Gateway. I have some APIs deployed on AKS exposed through APIM. The APIM is private and the APIs are publicly exposed through Application Gateway. Is there a way of achieving SSL pinning in my custom android app in this scenario?
Add a comment
|
1 Answer
Application Gateway supports TLS termination at the gateway, after which traffic typically flows unencrypted to the backend servers.
1.Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL), is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and encrypted. Application gateway supports both TLS termination at the gateway as well as end to end TLS encryption.
2.End-to-end TLS allows you to encrypt and securely transmit sensitive data to the backend while you use Application Gateway's Layer-7 load-balancing features. These features include cookie-based session affinity, URL-based routing, support for routing based on sites, the ability to rewrite or inject X-Forwarded-* headers, and so on.
3.When configured with end-to-end TLS communication mode, Application Gateway terminates the TLS sessions at the gateway and decrypts user traffic. It then applies the configured rules to select an appropriate backend pool instance to route traffic to. Application Gateway then initiates a new TLS connection to the backend server and re-encrypts data using the backend server's public key certificate before transmitting the request to the backend. Any response from the web server goes through the same process back to the end user
Reference: https://learn.microsoft.com/en-us/azure/application-gateway/end-to-end-ssl-portal
