SSL Offloading/Termination vs SSL Passthrough vs SSL Bridging (2024)

In this blog we will look at the differences between SSL Offloading, SSL Passthrough, and SSL Bridging. For a detailed understanding of how SSL works, you can read my previous blog on that using the link below.

One line explanation

  • SSL Bridging: The Load Balancer/Proxy decrypts incoming HTTPS traffic and re-encrypts it before forwarding it to the backend server.
  • SSL Offloading (also known as SSL Termination): The Load Balancer/Proxy decrypts incoming HTTPS traffic and sends it to the backend server without encryption.
  • SSL Passthrough: The Load Balancer/Proxy doesn’t decrypt incoming HTTPS traffic and forwards it to the backend server as it is.

Let us delve more into each of them to understand further.

SSL Termination (offloading)

SSL offloading, also known as SSL termination, allows the user to initiate a secure connection with the Load Balancer thanks to the Load Balancer frontend’s SSL certificate. The Load Balancer decrypts incoming HTTPS traffic. Layer 7 actions may therefore be applied to the traffic at this stage. Traffic is not re-encrypted on its way from the Load Balancer to the backend server, unlike with SSL bridging. Traffic that has gone through the offloading process is marked with a new header, called X-Forwarded-Proto, which informs the backend server that the client used HTTPS to contact the Load Balancer.

However, since traffic from the load balancer to the web servers is unencrypted, SSL offloading may leave your network vulnerable to man-in-the-middle attacks and data theft. The sharing of encryption and decryption keys between network instances can compound the problem. To offset these potential disadvantages, you may need to beef up your IT team’s data and network security capabilities.
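Because the backend leg is plain HTTP under offloading, the backend learns about the client's HTTPS connection only from X-Forwarded-Proto, and that header is only as trustworthy as whoever sent it. The following is an added example, not code from the original post: a backend-side check that honours the header only when the request arrives from the load balancer. The subnet, addresses and function names are assumptions made for illustration.

```python
import ipaddress

# Assumption for this example: the load balancer forwards from this subnet.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/28")]


def is_trusted_proxy(peer_ip):
    """True if the TCP peer of this request is one of our load balancers."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def client_used_https(peer_ip, headers):
    """Decide whether the original client connection was HTTPS.

    peer_ip -- source address of the TCP connection to the backend
    headers -- list of (name, value) pairs as received, duplicates preserved
    """
    if not is_trusted_proxy(peer_ip):
        # The request bypassed the load balancer, so the header was set by
        # whoever connected and says nothing about the transport.
        return False
    values = [v for k, v in headers if k.lower() == "x-forwarded-proto"]
    if len(values) != 1:
        # Missing, or duplicated because a client-supplied copy was not
        # overwritten by the proxy: treat as not secure.
        return False
    return values[0].strip().lower() == "https"


def handle(peer_ip, headers):
    """Backend policy: serve HTTPS-originated requests, redirect the rest."""
    return "serve" if client_used_https(peer_ip, headers) else "redirect-to-https"


# Constructed sample requests: (peer address, headers)
SAMPLES = [
    ("10.0.0.5", [("X-Forwarded-Proto", "https")]),      # via load balancer
    ("10.0.0.5", [("X-Forwarded-Proto", "http")]),       # client used HTTP
    ("203.0.113.9", [("X-Forwarded-Proto", "https")]),   # direct, header spoofed
    ("10.0.0.5", [("X-Forwarded-Proto", "https"),
                  ("x-forwarded-proto", "http")]),       # ambiguous duplicate
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, hdrs, "->", handle(peer, hdrs))
```

The load balancer should also overwrite any X-Forwarded-Proto value the client supplies, so the backend never sees two copies.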

SSL Bridging

SSL bridging enables users to establish a secure, encrypted connection with the Load Balancer using the SSL certificate of the Load Balancer frontend. The Load Balancer decrypts incoming HTTPS traffic, allowing it to perform layer 7 actions on the received traffic. Subsequently, the Load Balancer’s backend establishes a new encrypted connection to re-encrypt the traffic between the Load Balancer and the backend server, utilizing the backend server’s certificate this time. For instance, within a microservices architecture, when there is a requirement to address additional functionalities such as cross-cutting concerns, it is advisable to employ this approach.
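Re-encrypting the backend leg protects the traffic only if the load balancer also checks the backend server's certificate; otherwise the second connection is encrypted to whoever answers. The following is an added example, not code from the original post: it builds a verifying client context for the load balancer's backend connection beside an encrypt-only one, and audits both. The function names and the `ca_file` parameter are hypothetical.

```python
import ssl


def backend_leg_context(ca_file=None):
    """Client-side TLS context for the load balancer -> backend connection.

    ca_file is a hypothetical path to the CA that issued the backend
    certificates; None falls back to the system trust store.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def encrypt_only_context():
    """The weak variant: traffic is re-encrypted but the peer is not checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is set
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_backend_leg(ctx):
    """Return a list of findings for a backend-leg context (empty means OK)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("backend certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("backend certificate name is not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings


if __name__ == "__main__":
    print("verifying  :", audit_backend_leg(backend_leg_context()))
    print("encrypt-only:", audit_backend_leg(encrypt_only_context()))
```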

SSL Passthrough

Passthrough represents the most straightforward approach for managing encrypted traffic on a Load Balancer. True to its name, this method involves routing traffic through the Load Balancer without undergoing decryption on the Load Balancer itself. While this option minimizes overhead significantly, it comes with limitations, as no layer 7 actions can be executed. Consequently, features like cookie-based sticky sessions are not feasible with this method. Additionally, in scenarios where applications do not share sessions among servers, users may experience session loss due to redirection to different servers within the group.

SSL passthrough ensures a secure connection throughout the transmission process, with decryption occurring only at the destination, minimizing the risk of man-in-the-middle attacks targeting the traffic between the load balancer and server. Moreover, as load balancers abstain from decrypting traffic between clients and servers, they experience relatively low overhead, enabling more precise traffic direction. Nevertheless, SSL passthrough demands more central processing unit (CPU) cycles, resulting in higher operational costs. Furthermore, it lacks the ability to inspect requests or perform actions on web traffic, ruling out the use of access rules, redirects, and cookie-based sticky sessions. Due to these constraints, SSL passthrough is most suitable for smaller deployments. For larger and more demanding usage requirements, alternative approaches may need consideration.

While this concept may seem straightforward, individuals often find themselves confused when distinguishing between these terms. I trust that this explanation has clarified the distinctions, and I look forward to engaging with you in another blog.

Article information

Author: Terence Hammes MD
