phpBB2Refugees.com Logo
Not affiliated with or endorsed by the phpBB Group

Register •  Login 

Continue the legacy...

Welcome to all phpBB2 Refugees!Wave Smilie

This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.

SSL Offloading


 
Search this topic... | Search phpBB2 Discussion... | Search Box
Register or Login to Post    Index » phpBB2 Discussion  Previous TopicPrint TopicNext Topic
Author Message
JLA
Board Member



Joined: 30 Apr 2009

Posts: 451
Location: U.S.A


flag
PostPosted: Wed Apr 22, 2020 9:42 pm 
Post subject: SSL Offloading

Anyone here using any form of SSL offloading?
_________________
http://www.jlaforums.com
Back to top
JLA
Board Member



Joined: 30 Apr 2009

Posts: 451
Location: U.S.A


flag
PostPosted: Thu Feb 10, 2022 6:15 pm 
Post subject: Re: SSL Offloading

Just thought I would try this again. Anyone have any experience with SSL offloading?
_________________
http://www.jlaforums.com
Back to top
lumpy burgertushie
Board Member



Joined: 18 Nov 2008

Posts: 266


flag
PostPosted: Thu Feb 10, 2022 8:01 pm 
Post subject: Re: SSL Offloading

my answer is no, however, I have never heard of ssl offloading. what is it?


robert
Back to top
Jim_UK
Board Member



Joined: 19 Nov 2008

Posts: 656
Location: North West UK


flag
PostPosted: Fri Feb 11, 2022 8:01 am 
Post subject: Re: SSL Offloading

I "think" from what I read last night that the encryption and decryption puts a lot of load on the server so a second server is employed to handle just that function. So the encryption/decryption is offloaded to the secondary server.
I hope if I have that wrong someone will put me right.

Jim

_________________
The truth is out there.
Unfortunately they will not let you anywhere near it!
Back to top
JLA
Board Member



Joined: 30 Apr 2009

Posts: 451
Location: U.S.A


flag
PostPosted: Fri Feb 11, 2022 8:21 am 
Post subject: Re: SSL Offloading

That is correct.

In a simple setup, traffic coming in to the network from the internet on port 443 https would go to a dedicated device. This device would then send that traffic on to the web server internally on port 80 with all the request intact. The web server would simply see the request as coming from whatever ip, etc as made from the original requester and would respond. The response would go to the ssl offloading device and be forwarded to the original https requester.

_________________
http://www.jlaforums.com
Back to top
s1eelra1
Board Member



Joined: 08 Apr 2015

Posts: 35



PostPosted: Fri Jul 08, 2022 9:58 pm 
Post subject: Re: SSL Offloading

Well from what I know there's a few different processes options.

In the old days before processors generally got fast, they used to put ssl decryp/daughter cards in.

What a lot of times happen how, is there's a load balancer/firewall device in the way. Some of those act as a "decrypt" device. Where the 1 ssl session stops, and a different one begins to keep the traffic secured to the internal hosting server/device.
Back to top
JLA
Board Member



Joined: 30 Apr 2009

Posts: 451
Location: U.S.A


flag
PostPosted: Sun Jul 10, 2022 12:46 pm 
Post subject: Re: SSL Offloading

s1eelra1 wrote:
Well from what I know there's a few different processes options.

In the old days before processors generally got fast, they used to put ssl decryp/daughter cards in.

What a lot of times happen how, is there's a load balancer/firewall device in the way. Some of those act as a "decrypt" device. Where the 1 ssl session stops, and a different one begins to keep the traffic secured to the internal hosting server/device.


I'm wondering if an installation of Windows Server could be used as an SSL offloading device or there is a simple yet better solution...

_________________
http://www.jlaforums.com
Back to top
s1eelra1
Board Member



Joined: 08 Apr 2015

Posts: 35



PostPosted: Tue Jul 12, 2022 8:38 pm 
Post subject: Re: SSL Offloading

Well the problem is a lot of this stuff is integrated into the infrastructure of where its running.

For example, you're hosting in aws. Aws has a load balancer.... which helps you direct the traffic, and act as a point of ingress. From there your content could be hosted on more than one server/device/function. That way if one has an issue then you are automatically redirected. Azure, google, they all have the same things....

Some firewall devices, like a fortinet, or palo alto, all talk about how they want to "scan" outgoing https traffic. Which at this point is "most" of the net. A lot of modern browsers don't like sites that aren't https.

I turned on https with the free cert from Lets Encrypt.... and it made the whole world better. Chrome stopped bitching, Firefox was even worse from what I remember.

I think most hardware these days, could handel doing the encryption for a forum.... but I think there probably needs to be a better firewall in front of it. Its a lot harder to host on your own. Let alone email servers...
Back to top
JLA
Board Member



Joined: 30 Apr 2009

Posts: 451
Location: U.S.A


flag
PostPosted: Tue Nov 22, 2022 9:35 am 
Post subject: Re: SSL Offloading

Reading through this again reminds me it will be a good winter project…
_________________
http://www.jlaforums.com
Back to top
Display posts from previous:   
Register or Login to Post    Index » phpBB2 Discussion  Previous TopicPrint TopicNext Topic
Page 1 of 1 All times are GMT - 4 Hours
 
Jump to:  

Index • About • FAQ • Rules • Privacy • Search •  Register •  Login 
Not affiliated with or endorsed by the phpBB Group
Powered by phpBB2 © phpBB Group
Generated in 0.0412 seconds using 17 queries. (SQL 0.0099 Parse 0.0007 Other 0.0306)
phpBB Customizations by the phpBBDoctor.com
Template Design by DeLFlo and MomentsOfLight.com Moments of Light Logo