What is SSL Offloading?
What is SSL?
SSL stands for Secure Sockets Layer. It is a security protocol for establishing a secure connection between the client (browser) and the server over the internet. The SSL protocol encrypts all the traffic exchanged between the client and server, and decryption happens on both ends.
When a user initiates a web request over SSL, all the traffic (packets) sent over the network stays encrypted until it reaches the web server. To fulfil the request, the web server first decrypts the encrypted SSL traffic, processes the request, and generates the appropriate response. It then re-encrypts the response and sends it back to the user over the network in encrypted form, where the user's browser decrypts it. The same process applies in both directions.
What is SSL Offloading?
Continuously decrypting and encrypting traffic via SSL is very CPU intensive, and generic x86-based processors are not designed for repetitive CPU-intensive processes like SSL decryption. This can heavily affect the performance of the web server and lead to an unsatisfactory user experience.
Offloading the process of decrypting and encrypting the traffic to a separate device that is specifically designed to perform the SSL handshake, acceleration, and termination is known as SSL Offloading.
The user (browser) sends the web request via the SSL protocol to the Load Balancer or SSL Offloader, and the connection between the user and the SSL Offloader is encrypted. The SSL Offloader takes care of encryption and decryption of data and sends plain requests to the web servers attached behind it in the same private network. Moving this burden off the web servers can largely boost their performance: a high number of requests can be processed concurrently with very low CPU usage.
Advantages of SSL Offloading
- It improves the performance of the web server, increases the stability of the website, and results in high customer satisfaction.
- It can be used as a firewall, so that only scanned traffic is forwarded to the backend web servers.
- It can be used as a load balancer when multiple servers are used for serving web traffic.
- It improves the page load time of a website, which can boost the website's ranking in SEO.
- It can help in autoscaling the web servers during peak traffic hours.
Security Implication of SSL Offloading
The user is unaware that data travels in plain text from the offloader to the web server, so the security of that data is a major concern here.
- Requests exchanged between the offloader and the web servers must move across your internal network; they should not travel over the public Internet.
- If the internal network is secured with a firewall, on a secure subnet where no user has direct access and no one can enter until you allow it, you can be confident enough to implement SSL offloading.
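The firewall rule above can be backed by a check on the web server itself. The following is an added example, not code from the original post: it accepts plain HTTP only when the TCP peer is in the offloader's subnet, and only then trusts the forwarded headers. The subnet 10.0.1.0/28, the function name admit, and an offloader that sets X-Forwarded-Proto and appends to X-Forwarded-For are assumptions.

```python
import ipaddress

# Assumption for this example: the offloader sits in this private subnet and
# adds X-Forwarded-Proto / X-Forwarded-For before forwarding plain HTTP.
OFFLOADER_SUBNET = ipaddress.ip_network("10.0.1.0/28")


def admit(peer_ip, headers, trusted=OFFLOADER_SUBNET):
    """Decide what a backend does with a plain-HTTP request.

    Returns (decision, client_ip): decision is "reject", "redirect_https"
    or "accept"; client_ip is the address to log as the real client.
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in trusted:
        # Plaintext that bypassed the offloader. Forwarded headers from this
        # peer are attacker-controlled, so they are ignored entirely.
        return ("reject", str(peer))

    hdrs = {k.lower(): v for k, v in headers.items()}
    # With one trusted hop, the rightmost X-Forwarded-For entry is the one the
    # offloader appended; entries to its left were supplied by the client.
    last_hop = hdrs.get("x-forwarded-for", "").split(",")[-1].strip()
    try:
        client = str(ipaddress.ip_address(last_hop))
    except ValueError:
        client = str(peer)  # header missing or malformed: fall back to the peer

    if hdrs.get("x-forwarded-proto", "").strip().lower() != "https":
        # The user reached the offloader without SSL: send them to HTTPS.
        return ("redirect_https", client)
    return ("accept", client)


# Constructed sample requests: (TCP peer address, request headers).
SAMPLES = [
    ("10.0.1.5", {"X-Forwarded-Proto": "https", "X-Forwarded-For": "198.51.100.7"}),
    ("10.0.1.5", {"X-Forwarded-Proto": "https", "X-Forwarded-For": "10.0.1.9, 203.0.113.4"}),
    ("10.0.1.5", {"X-Forwarded-Proto": "http", "X-Forwarded-For": "198.51.100.7"}),
    ("203.0.113.50", {"X-Forwarded-Proto": "https", "X-Forwarded-For": "10.0.1.5"}),
    ("10.0.2.5", {"X-Forwarded-Proto": "https"}),
]

if __name__ == "__main__":
    for peer, headers in SAMPLES:
        print(peer, headers, "->", admit(peer, headers))
```

The fourth sample shows why the peer address is checked first: a request that arrives from outside the subnet is rejected even though its headers claim it came through the offloader over HTTPS.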
Example of SSL Offloader
Amazon Elastic Load Balancer is a very good example of an SSL Offloader.