Once upon a time, Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch> said:
> I don't know about anyone else here, but frankly in 2022 TLS support should be a first-class citizen.
> If I have to mess around with running something else as a proxy in front of it then that's the end of my software evaluation.
> Crypto is no longer a "nice to have" option these days.

Having everything under the sun trying to implement the complexities of TLS leads to lots of failures and security issues... so lots of web things are designed to be simple and only implement HTTP, listen on localhost, and let a well-optimized front-end (e.g. nginx) handle the crypto side (as well as all the weird things browsers do). It also makes it easier from a system admin point of view, because handling cert updates in nginx is easy and well-known, so you don't have to figure out 27 different ways alternate software handles certs and updates.

-- 
Chris Adams <cma@cmadams.net>