With the security concerns we face these days it's ever so important for organizations to use encryption to secure their data in transit. And since the HTTP protocol is so widely used as a means to transfer various types of data, like MAPI over HTTP, a mechanism is needed to secure it. There are several reasons you might experience performance issues when using HTTPS sessions between two hosts. In this article, I'll show you how to address these performance issues using Riverbed SteelHead technology and SSL optimization.

Before getting into the nuts and bolts of SteelHead, let's talk briefly about SSL. This will aid in understanding the configuration requirements once we get to that point. SSL, or really TLS these days, uses both symmetric and asymmetric encryption. Symmetric encryption is commonly used for real-time data transfer. The key is smaller than that of asymmetric encryption and the same key is used for both encryption and decryption. Asymmetric encryption uses two keys, a public key and a private key. Asymmetric encryption isn't often used for real-time data as the key size is much larger, often 2048 or 4096 bit. A sender uses the recipient's public key to encode and send a message; the recipient uses its private key to decode the message, and within this communication a symmetric session key is calculated. As mentioned, asymmetric encryption is used to send a message from which we then calculate the symmetric key. The symmetric key is random and is only used for the current conversation. Once the session key is established, both parties encrypt and decrypt using the session key.

For a moment, let's look at the SSL negotiation process.

As you can see in the figure, the process begins with a client sending a hello to the server. In response to this, the server sends its public key. The client then sends the random material that will be used to create the session key. The server's public key is used for this, and the data can only be decrypted by the server using its private key. The server generates keys and responds back to the client with the "Change Cipher Spec" message, switching further communication to the use of the generated session keys.

So, now that we've reviewed the SSL process, let's talk about what we need to do to configure our SteelHead environment to optimize SSL traffic. I do want to note here that we can certainly optimize ALL SSL traffic, since really it's just a TCP session. But what we really want to get at is the different types of traffic inside there so we can perform additional optimization techniques as needed. So here's how the overall process of SSL optimization works:

1. Server-side SSL certificates and private keys are copied to the SteelHead appliances.
2. The SteelHead appliances use their own identity certificates to establish a secure connection between one another, proactively or on demand.
3. When the client sends the initial "hello," it is intercepted by the server-side SteelHead appliance.
4. The server-side SteelHead establishes a connection with the server.
5. The server-side SteelHead then establishes an SSL connection with the client. This comes in the form of the server-hello.
6. A temporary session key is migrated from the server-side SteelHead to the client-side SteelHead. This moves the SSL session between the client and the client-side SteelHead.
7.
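As an added example (not from the original article), here is a small Python model of the key exchange just described: the client's random material is encrypted to the server's public key, the holder of the private key recovers it, and both ends derive the same session key from it. It uses a constructed toy-sized RSA key and an HMAC stand-in for the real key derivation purely to illustrate the flow; the `private_key_holder` parameter is an assumption of this example, standing for whichever device answers the client, the origin server or a server-side SteelHead that received a copy of the server's private key, and it shows why an appliance without that key cannot complete the handshake on the server's behalf.

```python
import hashlib
import hmac
import secrets

# Constructed demo RSA key pair: toy-sized primes for illustration only
# (a real server key is 2048 or 4096 bit, as noted above).
P, Q, E = 61, 53, 17
N = P * Q                          # modulus, 3233
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, 2753
SERVER_PUBLIC_KEY = (N, E)
SERVER_PRIVATE_KEY = (N, D)

def rsa_encrypt(public_key, message):
    """Textbook RSA (no padding): only the matching private key can undo it."""
    n, e = public_key
    return pow(message, e, n)

def rsa_decrypt(private_key, ciphertext):
    n, d = private_key
    return pow(ciphertext, d, n)

def derive_session_key(pre_master, client_random, server_random):
    """Stand-in for the real key derivation: mix the secret with both hellos'
    random values so the symmetric key is unique to this conversation."""
    secret = pre_master.to_bytes(2, "big")  # fits: every value here is < N
    return hmac.new(secret, client_random + server_random, hashlib.sha256).digest()

def handshake(private_key_holder, client_random=None, server_random=None, pre_master=None):
    """Model the exchange: client hello, server public key, encrypted random
    material, then session-key derivation on both ends. private_key_holder is
    an assumed parameter: whichever device answers the client (the origin
    server, or a server-side SteelHead holding a copy of its private key).
    Returns (client_key, responder_key); they agree only with the real key."""
    client_random = secrets.token_bytes(32) if client_random is None else client_random
    server_random = secrets.token_bytes(32) if server_random is None else server_random
    pre_master = secrets.randbelow(N) if pre_master is None else pre_master
    encrypted = rsa_encrypt(SERVER_PUBLIC_KEY, pre_master)  # client -> responder
    client_key = derive_session_key(pre_master, client_random, server_random)
    recovered = rsa_decrypt(private_key_holder, encrypted)  # needs the private key
    responder_key = derive_session_key(recovered, client_random, server_random)
    return client_key, responder_key

if __name__ == "__main__":
    ck, sk = handshake(SERVER_PRIVATE_KEY, pre_master=1234)
    print("responder holds the server key, session keys agree:", ck == sk)
    ck, sk = handshake((N, 1), pre_master=1234)  # wrong exponent: no copy of the key
    print("responder lacks the server key, session keys agree:", ck == sk)
```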