Comment 3 for bug 980864

There's a whole bunch of stuff in OpenStack that currently doesn't implement SSL correctly or incurs significant cost when in use. Generally speaking, we (HP) have had a lot of success using Pound for SSL termination in front of services where we have a clear Confidentiality or Integrity requirement.

That said, I agree that Keystone should be secure by default, with the option for this to be disabled or changed by whoever administers the deployment.