2 min read · Nov 10, 2023
Ever heard this term? If it interests you, read ahead.
SSL termination describes the point at which encrypted data traffic becomes unencrypted (and, on the way back, unencrypted traffic becomes encrypted again). This happens at the server end of a Secure Sockets Layer (SSL) connection.
SSL/TLS termination refers to the process of decrypting encrypted traffic (HTTPS) at a network endpoint, such as a load balancer or reverse proxy, and forwarding the decrypted traffic to the destination server/application. In this process, the SSL/TLS encryption ends at that endpoint: the client's connection to the endpoint stays encrypted, while the hop between the endpoint and the server/application happens over unencrypted HTTP.
SSL termination helps to speed up the decryption process and reduces the processing burden on backend servers.
Here’s how SSL/TLS termination works:
1. Client initiates an SSL/TLS handshake with the server
When a client (such as a web browser) wants to establish a secure connection with a server, it sends a request to the server and initiates an SSL/TLS handshake. During this handshake the client and server agree on a shared cipher suite and perform a key exchange that gives both sides the same session keys.
2. SSL/TLS termination at the network endpoint
In the case of SSL/TLS termination, a network endpoint (such as a load balancer) receives the incoming encrypted traffic. The network endpoint holds the SSL/TLS certificate and the private key required to decrypt the traffic. It performs the necessary decryption using the certificate and key and passes the decrypted traffic on. Because the private key lives on this endpoint, it is the component that needs the most careful hardening and monitoring in the deployment.
3. Forwarding decrypted traffic to the destination
Once the encrypted traffic is decrypted, the network endpoint forwards the decrypted traffic to the destination server or application. This can be an application server, web server, or any other backend service that handles the client’s request.
4. Communication between client and destination
From this point onward, the communication between the network endpoint and the destination server/application happens over unencrypted HTTP, while the client continues to talk HTTPS to the endpoint. The network endpoint acts as an intermediary and relays the requests and responses between the client and the destination.
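Because the backend only ever sees plain HTTP after termination, it has to rely on headers such as X-Forwarded-Proto and X-Forwarded-For that the terminating endpoint adds, and it must accept them only from that endpoint, never from an arbitrary peer. The following is an added example (not code from the original post) showing how a backend can reconstruct the client's real scheme and address behind a TLS-terminating proxy and enforce HTTPS-only; the function names, the RequestInfo structure and the trusted-proxy address ranges are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed example: address ranges of the TLS-terminating proxies that are
# allowed to sit in front of this backend. Headers from any other peer are ignored.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/24"),
    ipaddress.ip_network("127.0.0.1/32"),
]


@dataclass
class RequestInfo:
    """Hypothetical view of one request as it reaches the backend."""
    peer_ip: str                          # TCP peer that connected to the backend
    headers: dict = field(default_factory=dict)
    scheme: str = "http"                  # the backend hop itself is plain HTTP


def _header(headers, name):
    # HTTP header names are case-insensitive
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def is_trusted_proxy(peer_ip):
    """True only if the immediate peer is one of our configured terminating proxies."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)


def effective_scheme(req):
    """Scheme the client actually used, taken from X-Forwarded-Proto only when
    the header was set by a trusted proxy; otherwise the hop's own scheme."""
    if not is_trusted_proxy(req.peer_ip):
        return req.scheme
    proto = _header(req.headers, "X-Forwarded-Proto")
    if proto is None:
        return req.scheme
    proto = proto.split(",")[0].strip().lower()
    return proto if proto in ("http", "https") else req.scheme


def client_ip(req):
    """Client address behind the proxy. With a single trusted hop, the rightmost
    X-Forwarded-For entry is the one our proxy appended; earlier entries are
    client-supplied and not trusted."""
    if not is_trusted_proxy(req.peer_ip):
        return req.peer_ip
    xff = _header(req.headers, "X-Forwarded-For")
    if not xff:
        return req.peer_ip
    candidate = xff.split(",")[-1].strip()
    try:
        ipaddress.ip_address(candidate)
    except ValueError:
        return req.peer_ip
    return candidate


def decide(req):
    """Backend policy: serve only requests that arrived over TLS at the edge.
    Returns (status, response_headers)."""
    if effective_scheme(req) != "https":
        host = _header(req.headers, "Host") or "localhost"
        return 301, {"Location": f"https://{host}/"}
    return 200, {"Strict-Transport-Security": "max-age=31536000"}


if __name__ == "__main__":
    # Constructed request as forwarded by a trusted proxy at 10.0.0.5
    via_proxy = RequestInfo(
        peer_ip="10.0.0.5",
        headers={"Host": "app.example", "X-Forwarded-Proto": "https",
                 "X-Forwarded-For": "198.51.100.9, 203.0.113.7"},
    )
    # Constructed request from an untrusted peer that set the same headers itself
    direct = RequestInfo(
        peer_ip="203.0.113.50",
        headers={"Host": "app.example", "X-Forwarded-Proto": "https"},
    )
    print(decide(via_proxy), client_ip(via_proxy))
    print(decide(direct), client_ip(direct))
```

The important design choice is that trust is keyed on the network peer, not on the presence of the header: a request that bypasses the load balancer and reaches the backend directly with a forged X-Forwarded-Proto is still treated as plain HTTP.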
SSL/TLS termination is commonly used in scenarios where the backend servers or applications do not directly handle SSL/TLS encryption and decryption. It offloads the resource-intensive cryptographic operations to a dedicated network endpoint, allowing the backend servers to focus on processing the requests and responses efficiently. It also enables centralized management of SSL/TLS certificates and simplifies the deployment and configuration of secure communication for multiple backend servers or applications.