I need a better understanding of how amfsecure over HTTPs works.
Scenario: Two tier web architecutre, client communcates over HTTPS which is established between browser and the web server. (Assuming the SSL handshake is done on the web server layer). If the browser communicates to to the web server via secureamf which then redirects the calls to the app server (LCDS).
1.) Is the amfsecure call decrypted at the web server layer or the app server layer.
2.) Can this original call be decrypted at the web server layer ( is this even possible)?
3.) If the call is decrypted at the webserver layer is it still considered an amfsecure call or is it now a regular amf call to the app server?
4.) If it is decrypted on the app server layer, how does the app server now how to decrypt the ssl if the web server initiated the original handshake with the client's browser.