No, I didn't make that stronger claim; if that's what it sounded like, I apologize for the poor wording. I was definitely assuming "terminate TLS at load balancer and proxy in the clear over internal, private network" as a common, long-established practice that I have no problem with.
With services like Cloudflare, you can terminate TLS at CF, and then proxy over the public internet to the server that actually serves the page, which I think defeats a lot of the purpose of TLS, and I can never know ahead of time when I request a page of HTTPS if this will in fact be what's happening.
With services like Cloudflare, you can terminate TLS at CF, and then proxy over the public internet to the server that actually serves the page, which I think defeats a lot of the purpose of TLS, and I can never know ahead of time when I request a page of HTTPS if this will in fact be what's happening.