SSL Bridging vs SSL Offloading

What is SSL Bridging?

With SSL bridging, a request that arrives on an SSL connection is forwarded over another SSL connection. In this scenario, the client sends an encrypted request. The load balancer decrypts the request, encrypts it again, and forwards it to the Web server. The Web server returns the encrypted object to the load balancer. The load balancer decrypts the object, encrypts it again, and sends it to the client.

SSL bridging involves decrypting the traffic on the firewall (load balancer), inspecting the HTML code, and filtering it for malware and against any content policies that may be applied. The traffic is then re-encrypted, usually with a different certificate provided by an internal Certificate Authority, and passed on to the end client. Microsoft calls this technology SSL bridging. Other vendors use different terminology; for example, SonicWall calls it SSL initiation.

What is SSL Offloading?

Encrypting and decrypting network traffic is a very CPU-intensive task for servers. The initial session setup, in particular, demands the most of a CPU. The general-purpose CPUs of server hardware take a significant hit when a website migrates to 2048-bit or higher SSL keys.

When upgrading from 1024-bit to 2048-bit keys, CPU usage typically increases 4–7 times. With 4096-bit keys, server CPUs are bound to reach their limits at typical volumes. The industry is quickly upgrading to 2048-bit keys: the minimum key length changed from 1024-bit to 2048-bit, and Certificate Authorities (CAs) no longer provide certificates with key lengths smaller than 2048-bit.

SSL offloading relieves a Web server of the processing burden of encrypting and/or decrypting traffic sent via SSL, the security protocol that is implemented in every Web browser. The processing is offloaded to a separate device (typically a load balancer) designed specifically to perform SSL offloading.
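
The two modes side by side, as an added example that is not part of the original article. It assumes nginx is the load balancer (the article names no product); the hostnames, backend addresses and file paths are placeholders, and both server blocks belong inside the `http` context.

```nginx
# Constructed example: hostnames, addresses and file paths are placeholders.

# --- SSL offloading: SSL ends at the load balancer, backend hop is plain HTTP ---
server {
    listen 443 ssl;
    server_name offload.example.test;

    ssl_certificate     /etc/nginx/tls/public.crt;   # certificate shown to clients
    ssl_certificate_key /etc/nginx/tls/public.key;

    location / {
        # The decrypted request is forwarded unencrypted, so the Web server
        # does no SSL work. The backend network must be trusted.
        proxy_pass http://10.0.0.10:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;    # tell the app the client used HTTPS
    }
}

# --- SSL bridging: decrypt, then re-encrypt towards the Web server ---
server {
    listen 443 ssl;
    server_name bridge.example.test;

    ssl_certificate     /etc/nginx/tls/public.crt;
    ssl_certificate_key /etc/nginx/tls/public.key;

    location / {
        proxy_pass https://10.0.0.10:8443;           # second, separate SSL session
        proxy_set_header Host $host;

        # nginx does not verify the backend certificate unless told to
        # (proxy_ssl_verify defaults to off), which would leave the
        # re-encrypted hop open to impersonation of the Web server.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.crt;  # internal CA
        proxy_ssl_server_name         on;                    # send SNI to the backend
        proxy_ssl_name                web01.internal.test;   # name expected in its cert
    }
}
```

In the bridging block the Web server still pays for its own handshakes, so only the offloading block removes the CPU cost described above.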
