SSL encryption is a method of securely transmitting data over the internet, achieved using public key cryptography. When a server receives a request encrypted with the SSL protocol, it has to decrypt the request to read its contents, work out an appropriate response, encrypt that response and send it back to the requesting client. This encryption and decryption is computationally expensive and can consume a large share of the CPU's resources, increasing the load on the servers.
SSL offloading solves this problem. With SSL offloading enabled on a reverse proxy server, the user's server is relieved of its encryption and decryption duties because it receives the HTTPS request already decrypted, i.e., as an HTTP request. The reverse proxy server handles the decryption of incoming requests and the encryption of outgoing responses.
TLS stands for Transport Layer Security. TLS encryption is the latest version of SSL encryption, and it is also used for authentication and data security between two end machines. TLS encrypts the communication between those machines end to end. It also reduces latency because verification and assertion are done much faster.
SSL encryption configuration can be done on your reverse proxy server based on your use case. Here's how SSL encryption works to secure your website:
Because every request and response between the browser and the server is secured by SSL encryption, messages constantly have to be encrypted and decrypted, which consumes a huge amount of CPU resources. SSL Offloading is the process of decrypting the SSL-encrypted messages sent between the browser and the server. A reverse proxy server can be configured to do this: with SSL Offloading enabled, it encrypts or decrypts messages as needed and takes charge of all the computational heavy lifting.
Let’s consider a scenario where a number of SSL encrypted requests are sent to the user’s server(s):
Let’s take the example of one of our customers who configured a reverse proxy server on their machine with SSL/TLS encryption offloading enabled. Consider a scenario where the customer's backend servers receive a multitude of HTTPS requests through the proxy links they configured. Because decrypting these requests is computationally expensive, the reverse proxy server takes care of it. It decrypts the requests it receives and forwards them to the customer's backend server(s) as HTTP requests. The backend servers send an appropriate response to each forwarded request, which the reverse proxy server then encrypts using public key cryptography before delivering it to the requesting client.
Additionally, SSL Offloading plays a vital role when setting up Load Balancing. Every encrypted request from a user, which arrives in HTTPS format, is decrypted at the reverse proxy. The decrypted message is distributed across multiple load-balanced servers in HTTP format, and the HTTP response is SSL encrypted at the reverse proxy. In this way, SSL Offloading reduces computation time and increases efficiency for load balancing by performing SSL encryption and decryption at the proxy.
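The offloading and load-balancing flow described above, sketched as an nginx configuration. This is an added example, not configuration from the original page or its product; the hostname, certificate paths and backend addresses are placeholders. Because the proxy-to-backend hop is plain HTTP, it assumes the backends sit on a private network that only the proxy can reach.

```nginx
# Backend pool: these servers speak plain HTTP and never handle TLS.
# Addresses are constructed placeholders on a private network.
upstream app_backends {
    server 10.0.0.11:8080;
    server 10.0.0.12:8080;
    server 10.0.0.13:8080;
}

# Redirect cleartext clients so every browser-facing exchange uses TLS.
server {
    listen 80;
    server_name www.example.com;
    return 301 https://$host$request_uri;
}

# TLS terminates here: the proxy holds the certificate and private key.
server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/tls/example.com.fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.com.key;            # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Session reuse avoids repeating the expensive public-key handshake.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1h;

    location / {
        # Decrypted request is forwarded as HTTP and spread over the pool.
        proxy_pass http://app_backends;

        # Overwrite these headers with the proxy's own values so the backend
        # can tell the original request was HTTPS and who sent it.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}
```

The backends should accept connections only from the proxy's address; otherwise a client that reaches them directly bypasses TLS and can supply its own `X-Forwarded-*` headers.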