SSL (Secure Sockets Layer) is a protocol that secures HTTP requests and responses. It relies on key-based encryption so that the client and server can communicate securely. Encrypting sensitive information protects it against Man-in-the-Middle attacks by restricting attackers.
The encryption and decryption operations that SSL requires can consume significant server resources. To make these processes more effective and efficient, they can be moved to a specially installed server. Balancing the traffic generated by SSL on this specially installed server is called SSL Offloading.
How SSL Offloading Works
SSL Offloading is performed by placing a device called a load balancer between the browser and the server to handle encryption and decryption. The load balancer does not provide a new SSL certificate context; it performs this operation with the private key, using the existing SSL certificate contents on the server.
There are two types of SSL Offloading methods available: SSL Termination and SSL Bridging.
SSL Termination is a method whose main purpose is to speed up the decryption process. The client connects to the load balancer over HTTPS, and the load balancer then connects to the web server over HTTP. The connection between the client and the load balancer is encrypted, while the data exchanged between the load balancer and the server is unencrypted.

In general, SSL Termination works as follows:
·The load balancer is placed between the browser and the server.
·When the browser tries to establish an SSL/TLS connection, the public and private keys used during the session are established between the browser and the load balancer.
·All data encrypted by the browser reaches the load balancer first.
·The load balancer decrypts the data using the symmetric session key and forwards it unencrypted to the server.
·The server receives the data in clear text (plain text) and does not need to decrypt it.
·The server sends its response to the load balancer as clear text.
·The load balancer encrypts the unencrypted data using the session key and sends it to the client.
·The client decrypts the data using the same session key.
SSL Bridging
SSL Bridging is a more suitable method for websites that hold critical user data such as credit card information, health data, or TR ID numbers. In some cases, such websites may have high HTTPS traffic, and the effects of malicious activity by a client can last for a long time on them. For such situations, SSL Bridging is a more secure and effective solution than SSL Termination. As in SSL Termination, SSL is used between the client and the load balancer.

In general, SSL Bridging works as follows:
·The client sends encrypted data to the load balancer over HTTPS, and the load balancer decrypts it.
·The load balancer examines the packets in the HTTPS traffic and blocks them if it detects suspicious activity.
·This process resembles a Man-in-the-Middle (MitM) attack, but it is done for control rather than exploitation.
·Instead of forwarding the clear text (plain text) data it obtained, the load balancer re-encrypts it and sends it to the server in that form. The data is encrypted at every stage of transmission.
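
The SSL Termination and SSL Bridging flows described above, side by side as an nginx reverse-proxy configuration. This is an added example, not configuration from the original article; nginx is one possible load balancer, and the hostnames, addresses and file paths are placeholders chosen for illustration.

```nginx
# Added example: hostnames, addresses and file paths are placeholders.
events {}

http {
    upstream app_plain { server 10.0.0.10:8080; }   # backend listening for HTTP
    upstream app_tls   { server 10.0.0.10:8443; }   # backend listening for HTTPS

    # SSL Termination: HTTPS from the client, HTTP to the server.
    server {
        listen 443 ssl;
        server_name termination.example.test;

        ssl_certificate     /etc/nginx/tls/site.crt;  # the site's existing certificate
        ssl_certificate_key /etc/nginx/tls/site.key;  # and its private key
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            # The decrypted request travels to the backend in clear text.
            proxy_pass http://app_plain;
            proxy_set_header Host $host;
            # Lets the backend know the client side of the connection was HTTPS.
            proxy_set_header X-Forwarded-Proto https;
        }
    }

    # SSL Bridging: decrypt at the load balancer, then re-encrypt to the server.
    server {
        listen 443 ssl;
        server_name bridging.example.test;

        ssl_certificate     /etc/nginx/tls/site.crt;
        ssl_certificate_key /etc/nginx/tls/site.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            # The request is in clear text only inside the load balancer,
            # then goes out over a second TLS connection.
            proxy_pass https://app_tls;
            proxy_set_header Host $host;

            # nginx does not verify the upstream certificate unless told to;
            # without these lines the second hop is encrypted but unauthenticated.
            proxy_ssl_verify              on;
            proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.crt;
            proxy_ssl_server_name         on;
            proxy_ssl_name                app.internal.example.test;
            proxy_ssl_protocols           TLSv1.2 TLSv1.3;
        }
    }
}
```

Running `nginx -t` against the file checks the syntax before it is loaded.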

