Author |
Message |
JLA Board Member
Joined: 30 Apr 2009
Posts: 451 Location: U.S.A
|
Posted: Wed Apr 22, 2020 9:42 pm Post subject: SSL Offloading |
|
|
Anyone here using any form of SSL offloading? _________________ http://www.jlaforums.com |
|
Back to top |
|
|
JLA Board Member
Joined: 30 Apr 2009
Posts: 451 Location: U.S.A
|
Posted: Thu Feb 10, 2022 6:15 pm Post subject: Re: SSL Offloading |
|
|
Just thought I would try this again. Anyone have any experience with SSL offloading? _________________ http://www.jlaforums.com |
|
Back to top |
|
|
lumpy burgertushie Board Member
Joined: 18 Nov 2008
Posts: 266
|
Posted: Thu Feb 10, 2022 8:01 pm Post subject: Re: SSL Offloading |
|
|
my answer is no, however, I have never heard of ssl offloading. what is it?
robert |
|
Back to top |
|
|
Jim_UK Board Member
Joined: 19 Nov 2008
Posts: 656 Location: North West UK
|
Posted: Fri Feb 11, 2022 8:01 am Post subject: Re: SSL Offloading |
|
|
I "think" from what I read last night that the encryption and decryption puts a lot of load on the server so a second server is employed to handle just that function. So the encryption/decryption is offloaded to the secondary server.
I hope if I have that wrong someone will put me right.
Jim _________________ The truth is out there.
Unfortunately they will not let you anywhere near it! |
|
Back to top |
|
|
JLA Board Member
Joined: 30 Apr 2009
Posts: 451 Location: U.S.A
|
Posted: Fri Feb 11, 2022 8:21 am Post subject: Re: SSL Offloading |
|
|
That is correct.
In a simple setup, traffic coming in to the network from the internet on port 443 https would go to a dedicated device. This device would then send that traffic on to the web server internally on port 80 with all the request intact. The web server would simply see the request as coming from whatever ip, etc as made from the original requester and would respond. The response would go to the ssl offloading device and be forwarded to the original https requester. _________________ http://www.jlaforums.com |
|
Back to top |
|
|
s1eelra1 Board Member
Joined: 08 Apr 2015
Posts: 35
|
Posted: Fri Jul 08, 2022 9:58 pm Post subject: Re: SSL Offloading |
|
|
Well from what I know there's a few different processes options.
In the old days before processors generally got fast, they used to put ssl decryp/daughter cards in.
What a lot of times happen how, is there's a load balancer/firewall device in the way. Some of those act as a "decrypt" device. Where the 1 ssl session stops, and a different one begins to keep the traffic secured to the internal hosting server/device. |
|
Back to top |
|
|
JLA Board Member
Joined: 30 Apr 2009
Posts: 451 Location: U.S.A
|
Posted: Sun Jul 10, 2022 12:46 pm Post subject: Re: SSL Offloading |
|
|
s1eelra1 wrote: | Well from what I know there's a few different processes options.
In the old days before processors generally got fast, they used to put ssl decryp/daughter cards in.
What a lot of times happen how, is there's a load balancer/firewall device in the way. Some of those act as a "decrypt" device. Where the 1 ssl session stops, and a different one begins to keep the traffic secured to the internal hosting server/device. |
I'm wondering if an installation of Windows Server could be used as an SSL offloading device or there is a simple yet better solution... _________________ http://www.jlaforums.com |
|
Back to top |
|
|
s1eelra1 Board Member
Joined: 08 Apr 2015
Posts: 35
|
Posted: Tue Jul 12, 2022 8:38 pm Post subject: Re: SSL Offloading |
|
|
Well the problem is a lot of this stuff is integrated into the infrastructure of where its running.
For example, you're hosting in aws. Aws has a load balancer.... which helps you direct the traffic, and act as a point of ingress. From there your content could be hosted on more than one server/device/function. That way if one has an issue then you are automatically redirected. Azure, google, they all have the same things....
Some firewall devices, like a fortinet, or palo alto, all talk about how they want to "scan" outgoing https traffic. Which at this point is "most" of the net. A lot of modern browsers don't like sites that aren't https.
I turned on https with the free cert from Lets Encrypt.... and it made the whole world better. Chrome stopped bitching, Firefox was even worse from what I remember.
I think most hardware these days, could handel doing the encryption for a forum.... but I think there probably needs to be a better firewall in front of it. Its a lot harder to host on your own. Let alone email servers... |
|
Back to top |
|
|
JLA Board Member
Joined: 30 Apr 2009
Posts: 451 Location: U.S.A
|
Posted: Tue Nov 22, 2022 9:35 am Post subject: Re: SSL Offloading |
|
|
Reading through this again reminds me it will be a good winter project… _________________ http://www.jlaforums.com |
|
Back to top |
|
|
|