Typical SSL Session

Referring to the figure above, the SSL Session ID is initially presented by the server to the client as part of the Server Hello, one of the early messages exchanged during SSL session establishment. As long as communications between the client and server use the same TCP session after session establishment, there is no need for session renegotiation, and all application data will re-use the same symmetric key. In subsequent communications, i.e. where new TCP sessions are opened, the client has the option to include the previously established Session ID in the Client Hello, telling the server to re-use the already shared key material. This substantially reduces the processing overhead of establishing a new SSL session.
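
The Session ID exchange described above can be observed directly in the handshake bytes. The following Python code is an added example, not code from the original page or from SonicWALL: it reads the Session ID from a Client Hello and a Server Hello and reports a resumed session when the server echoes the ID the client offered. It assumes the SSL 3.0 through TLS 1.2 message layout with the record-layer header already stripped; the function names and sample messages are constructed for illustration.

```python
CLIENT_HELLO, SERVER_HELLO = 1, 2

def parse_hello(msg: bytes):
    """Return (handshake_type, session_id) for a ClientHello or ServerHello.

    Shared leading layout, SSL 3.0 through TLS 1.2:
    type(1) | length(3) | version(2) | random(32) | sid_len(1) | session_id
    """
    if len(msg) < 39:
        raise ValueError("truncated hello")
    if msg[0] not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError("not a hello message")
    if int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("length field does not match message size")
    sid_len = msg[38]
    if sid_len > 32 or 39 + sid_len > len(msg):
        raise ValueError("bad session_id length")
    return msg[0], msg[39:39 + sid_len]

def is_resumed(client_hello: bytes, server_hello: bytes) -> bool:
    """True when the server echoes the Session ID the client offered."""
    c_type, offered = parse_hello(client_hello)
    s_type, chosen = parse_hello(server_hello)
    if (c_type, s_type) != (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError("expected a ClientHello followed by a ServerHello")
    return len(offered) > 0 and offered == chosen

def build_hello(hs_type: int, session_id: bytes, tail: bytes) -> bytes:
    """Construct a sample hello (all-zero random; for demonstration only)."""
    body = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id + tail
    return bytes([hs_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample data, not captured traffic.
SID = bytes(range(32))                      # ID the server issued earlier
CLIENT_TAIL = b"\x00\x02\x00\x2f\x01\x00"   # one cipher suite, null compression
SERVER_TAIL = b"\x00\x2f\x00"               # chosen suite, null compression

if __name__ == "__main__":
    first = (build_hello(CLIENT_HELLO, b"", CLIENT_TAIL),
             build_hello(SERVER_HELLO, SID, SERVER_TAIL))
    again = (build_hello(CLIENT_HELLO, SID, CLIENT_TAIL),
             build_hello(SERVER_HELLO, SID, SERVER_TAIL))
    print("first connection resumed:", is_resumed(*first))   # False
    print("second connection resumed:", is_resumed(*again))  # True
```

A server that has dropped the cached session answers with a different Session ID, which the check reports as a full handshake.
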
SSL Aggregation

SSL Aggregation allows for thousands of front-end SSL sessions (e.g. Internet-based clients to a SonicWALL SSL offloader) to be combined into a single SSL Session ID to the back-end SSL server over discrete TCP connections. The relationship between front-end clients and back-end TCP connections remains 1:1, but the relationship between front-end clients and back-end SSL sessions is n:1. SonicWALL’s ability to perform SSL Aggregation positions it as a perfect replacement for server-based SSL solutions (either software or PCI/SCSI based accelerators) because it retains the strong security of end-to-end encryption, but it does so at a fraction of the processing overhead normally associated with SSL.

Copyright © 1998 - 2002 Service Strategies Inc. All rights reserved.