Lectron Armor offers four modes of TLS termination: ‘Off’, ‘Flexible’, ‘Full’, and ‘Full (Strict)’.
‘Off’ disables TLS termination at the edge. This is the required setting if the underlying traffic is not encrypted with TLS. If the connection is encrypted, ‘Off’ allows traffic to flow from client to origin using the TLS session negotiated directly with the origin.
‘Flexible’ enables termination of the client connection at the edge, but does not enable TLS from Lectron to your origin. Traffic will be sent over an encrypted connection from the client to Lectron, but not from Lectron to the origin.
‘Full’ specifies that traffic from Lectron to the origin will also be encrypted but without certificate validation. This is often for when you use self signed certificate (see below).
When set to ‘Full (Strict)’, traffic from Lectron to the origin will also be encrypted with strict validation of the origin certificate.
TLS traffic can still be sent through Spectrum with TLS set to ‘Passthrough’. Lectron will not terminate it. Instead, it will act as a pure passthrough.