SSL Proxy


SSL Proxy Definition

An SSL proxy is a transparent proxy that performs Secure Sockets Layer (SSL) encryption and decryption between the client and the server. Neither the server nor the client can detect its presence. A TLS proxy is similarly used by companies to handle incoming TLS connections and is becoming more prominent.

Diagram: an SSL proxy performing Secure Sockets Layer (SSL) encryption and decryption between application users and web servers in application delivery.

What is SSL Proxy?

SSL proxies control Secure Sockets Layer (SSL) traffic to ensure secure transmission of data between a client and a server. The SSL proxy is transparent, which means it performs SSL encryption and decryption between the client and the server.

The SSL proxy also reproduces server certificates so the server can make a secure (SSL) or unsecure (HTTP) connection to a web server.

What is an SSL Proxy Server?

A proxy server is an intermediary between a user’s computer and the Internet. A user first connects to a proxy server when requesting web pages, videos or any data online. The proxy server then retrieves data that has been previously cached. If the request is entirely new, the proxy server gets the data from the original source and caches it for future use.

A Secure Sockets Layer (SSL) proxy server ensures secure transmission of data with encryption technology. Security in an SSL connection relies on proxy SSL certificates and private-public key exchange pairs. SSL offload and SSL inspection features require the servers to share their secret keys to be able to decrypt the SSL traffic.

How Does SSL Proxy Work?

A key function of an SSL proxy is to emulate server certificates. This allows a web browser to use a trusted certificate to validate the identity of the web server. SSL encrypts data to ensure that communications are private and the content has not been tampered with.

The SSL proxy does the following:

• Acts as a client for the server by determining the keys to encrypt and decrypt.
• Acts as a server for the client by first authenticating the original server certificate and issuing a new certificate along with a replacement key.
• Decryption and encryption take place in each direction (client and server), and the keys are different for both encryption and decryption.
• Hands off HTTPS traffic to the HTTP proxy for protocol optimization and other acceleration techniques.

What are the Benefits of SSL Proxy?

• Decrypts SSL traffic to obtain granular application information.
• Enforces use of strong protocols and algorithms by the client and the server.
• Provides visibility and protection against threats embedded in SSL encrypted traffic.
• Controls what needs to be decrypted by using SSL Proxy.
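
The two independent legs listed under "How Does SSL Proxy Work?" and the "strong protocols and algorithms" benefit above can be expressed as two TLS contexts plus an audit of each. This is an added example using Python's standard ssl module, not code from the original page or from Avi; the policy values (TLS 1.2 floor, ECDHE AEAD suites), the file-path parameters and all function names are assumptions.

```python
import ssl

# Assumed policy values for illustration; the page names no versions or suites.
MIN_VERSION = ssl.TLSVersion.TLSv1_2
TLS12_SUITES = "ECDHE+AESGCM:ECDHE+CHACHA20"

def client_facing_context(certfile=None, keyfile=None):
    """Leg 1: the proxy is the server; it presents the certificate it issued."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = MIN_VERSION
    ctx.set_ciphers(TLS12_SUITES)
    if certfile:  # hypothetical paths: re-issued certificate and replacement key
        ctx.load_cert_chain(certfile, keyfile)
    return ctx

def server_facing_context(cafile=None):
    """Leg 2: the proxy is the client; it authenticates the original server."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = MIN_VERSION
    ctx.set_ciphers(TLS12_SUITES)
    return ctx

def unverified_server_facing_context():
    """Misconfigured leg 2, for contrast: the origin certificate is never checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx, acts_as_client):
    """Return the policy violations found on one leg of the proxy."""
    problems = []
    if ctx.minimum_version < MIN_VERSION:
        problems.append("protocol floor below TLS 1.2")
    if any(not c["aead"] for c in ctx.get_ciphers()):
        problems.append("non-AEAD cipher suite enabled")
    if acts_as_client and ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("origin certificate not verified")
    if acts_as_client and not ctx.check_hostname:
        problems.append("origin hostname not checked")
    return problems

if __name__ == "__main__":
    print("client-facing leg:", audit(client_facing_context(), False))
    print("server-facing leg:", audit(server_facing_context(), True))
    print("unverified leg:   ", audit(unverified_server_facing_context(), True))
```

Because the client only ever sees the certificate the proxy issued, a server-facing leg that skips verification hides an invalid origin certificate from the user, which is why the audit treats it as a violation.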

Does Avi Offer SSL Proxy?

Yes. When Avi is serving as an SSL proxy for the back-end servers in the service’s pool, Avi communicates with the client over SSL/TLS.
