TLS Offloading
A TLS termination proxy (or SSL termination proxy, or SSL offloading) is a proxy server that acts as an intermediary point between client and server applications and is used to terminate and/or establish TLS (or DTLS) tunnels by decrypting and/or encrypting the traffic. It differs from a TLS pass-through proxy, which forwards encrypted (D)TLS traffic between clients and servers without terminating the tunnel and therefore cannot read or alter it.


Uses

TLS termination proxies can be used to:

* secure plaintext communications over untrusted networks by tunnelling them in (D)TLS,
* allow inspection of encrypted traffic by an intrusion detection system to detect and block malicious activity,
* allow network surveillance and analysis of encrypted traffic,
* enable otherwise unsupported integration with other components that provide additional capabilities, such as content filtering or a hardware security module (HSM) that holds the private keys,
* enable (D)TLS protocol versions, extensions or capabilities (e.g. OCSP stapling, ALPN, DANE, CT validation) that client or server applications do not support, to improve their compatibility and/or security,
* work around buggy or insecure (D)TLS implementations in client or server applications to improve their compatibility and/or security,
* provide additional certificate-based authentication that the server and/or client applications or protocols do not support,
* provide an additional defence-in-depth layer for centralised control and consistent management of (D)TLS configuration and the associated security policies, and
* reduce the load on the main servers by offloading the cryptographic processing to another machine.


Types

TLS termination proxies can provide three connectivity patterns:

* TLS offloading: terminate an inbound encrypted (D)TLS connection from a client and forward the communication over a plaintext connection to the server.
* TLS encryption: accept an inbound plaintext connection from a client and forward the communication over an encrypted (D)TLS connection to the server.
* TLS bridging: join two encrypted (D)TLS connections so that the traffic can be inspected and filtered, by decrypting the inbound (D)TLS connection from the client and re-encrypting it over a separate (D)TLS connection to the server.

Combining a TLS encrypting proxy in front of a client with a TLS offloading proxy in front of a server provides (D)TLS encryption and authentication for protocols and applications that do not otherwise support it: the two proxies maintain a secure (D)TLS tunnel across the untrusted network segments between client and server.

A proxy used by clients as the intermediary gateway for all outbound connections is typically called a forward proxy, while a proxy used by servers as the intermediary gateway for all inbound connections is typically called a reverse proxy. Forward TLS bridging proxies that let an intrusion detection system analyse all client traffic are typically marketed as an "SSL Forward Proxy".

TLS offloading and TLS bridging proxies need to authenticate themselves to clients with a digital certificate, using either PKIX or DANE authentication. For a reverse proxy this is straightforward: the server operator supplies the proxy with a valid certificate for the server's name, which the proxy presents during the (D)TLS handshake with clients. A forward proxy operator, however, has to create a private CA, install its root certificate in the trust store of every client, and have the proxy generate, in real time, a new certificate signed by that private CA for each server name a client tries to connect to. A client that does not have the private CA installed, or that pins the real server's certificate or key, rejects the proxy's certificate and the handshake fails. A bridging proxy also cannot relay client-certificate authentication to the server, because it does not hold the client's private key.

When the network traffic between client and server is routed via the proxy, it can operate in transparent mode: it uses the client's IP address instead of its own when connecting to the server, and the server's IP address when responding to the client. If a transparent TLS bridging proxy presents a certificate the client trusts, neither client nor server can detect its presence from the connection itself. Consequently, an adversary who has compromised the private key of the server's certificate, or who can use a compromised or coerced PKIX CA to issue a new valid certificate for the server, can mount a man-in-the-middle attack by routing TLS traffic between client and server through a transparent TLS bridging proxy, copying the decrypted communications (including logon credentials) and modifying content on the fly without being detected. Certificate Transparency logs and certificate pinning are the usual countermeasures against such mis-issued certificates.
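The two trust situations described above, as an added example that is not part of the original article: a forward bridging proxy operator's private CA minting a server certificate on demand, and a TLS offloading proxy that terminates the client's TLS session and hands the plaintext to a backend. The code is Go using only the standard library; the CA name, the server name www.example.test, the request line and the loopback listener are assumptions for the demo, and the backend is played by the Offload function itself over an in-memory pipe. With the private CA in the client's trust store the request is relayed and the backend sees it in the clear; with an empty trust store, or a name that does not match the minted certificate, the client rejects the handshake, which is the detection the text refers to.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

const host = "www.example.test" // assumed server name the client asks for

// Issue creates an Ed25519 key pair and a certificate for it: with parent == nil a
// self-signed private root (what the operator installs in client trust stores),
// otherwise a server leaf for name, minted on demand as a forward bridging proxy does.
func Issue(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64)) // random serial, as a CA should
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if parent == nil { // turn the template into a CA root and sign it with its own key
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		tmpl.DNSNames, tmpl.ExtKeyUsage = nil, nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Offload pushes one request through a TLS-offloading proxy: the client speaks TLS to a
// loopback listener presenting leaf, the proxy terminates it and relays plaintext over an
// in-memory pipe to the backend (played by Offload itself). An untrusted leaf fails the handshake.
func Offload(leaf *x509.Certificate, key ed25519.PrivateKey, roots *x509.CertPool, serverName, msg string) (backendSaw, clientGot string, err error) {
	cert := tls.Certificate{Certificate: [][]byte{leaf.Raw}, PrivateKey: key}
	front, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return "", "", err
	}
	defer front.Close()
	toBackend, backend := net.Pipe() // plaintext hop; the backend never sees TLS
	defer toBackend.Close()
	go func() { // proxy: terminate TLS on the front, relay plaintext on the back
		c, err := front.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		go io.Copy(toBackend, c) // decrypted client bytes -> backend
		io.Copy(c, toBackend)    // backend bytes -> client, encrypted again
	}()
	cli, err := tls.Dial("tcp", front.Addr().String(), &tls.Config{ServerName: serverName, RootCAs: roots})
	if err != nil {
		return "", "", err // certificate not trusted or name mismatch: the proxy is detected
	}
	defer cli.Close()
	fmt.Fprintf(cli, "%s\n", msg) // client -> proxy, over TLS
	if backendSaw, err = bufio.NewReader(backend).ReadString('\n'); err != nil { // proxy -> backend, in the clear
		return "", "", err
	}
	fmt.Fprintf(backend, "backend echoes: %s", backendSaw) // backend -> proxy, in the clear
	clientGot, err = bufio.NewReader(cli).ReadString('\n')  // proxy -> client, over TLS
	return backendSaw, clientGot, err
}

func main() {
	root, rootKey, err := Issue("Example Private Bridging CA", nil, nil)
	if err != nil {
		panic(err)
	}
	leaf, leafKey, err := Issue(host, root, rootKey)
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool() // a client with the private CA installed
	trusted.AddCert(root)
	fmt.Println(Offload(leaf, leafKey, trusted, host, "GET /login"))
	fmt.Println(Offload(leaf, leafKey, x509.NewCertPool(), host, "GET /login")) // no CA: handshake fails
}
```

Run it with `go run`: the first line printed shows the backend receiving exactly the request the client sent over TLS, which is the whole point of offloading; the second shows the handshake error a client without the private CA sees. Note that the proxy holds the private key for the client-facing certificate, so whoever controls the proxy (or that key) controls the plaintext, which is the MITM scenario the text describes.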


See also

* TLS acceleration

