I have two Apache PHP servers that talk to each other with curl, exchanging GET/POST requests. I want to secure that communication.
Both servers are using HTTPS. Does that mean that using anything else would be overkill? I mean do I need to encrypt anything else or can I just go ahead and send data in plain format?
If both servers talk to each other with HTTPS, use strong ciphers with HTTPS and properly check the certificate of the peer than the connection between those servers can be considered properly protected. If you need more security for the transport protection you might use certificate pinning to.
But, protecting the connections means only this. It does not mean that the data are protected against modification outside the connection, i.e. before encryption or after decryption. It also does not mean that only innocent data gets served.
