
Q&A: What is the connection flow of a proxy using Transparent SSL?

Question

  • When a client connects to a Proxy with SSL Transparency, what is the pattern of connections and SSL/TLS handshakes?
  • What is the order of operations for clients performing a TCP and TLS handshake with a Proxy that has a Transparent SSL Profile enabled?

 

Environment

  • Proxy/Proxies
    • Transparent SSL

 

Answer

An important distinction between a regular SSL/TLS terminating proxy and one that uses Transparent SSL is that, with Transparent SSL, Silverline does not send a Server Hello to the client until the backend/origin has sent its Server Hello to the proxy. Conversely, a Silverline Proxy that does not use SSL Transparency completes the full SSL handshake between client and proxy, then performs another, distinct handshake with the backend.

Connection flow:

  1. Client/Proxy TCP handshake
  2. Proxy/Backend TCP handshake
  3. Client sends Proxy SSL/TLS Client Hello (can be simultaneous with Step 2)
  4. Proxy sends Backend the client's SSL/TLS Client Hello
  5. Backend sends Proxy the SSL/TLS Server Hello and key exchange occurs (full SSL/TLS handshake)
  6. Proxy sends client the SSL/TLS Server Hello and completes the handshake started in Step 2
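
The ordering above can be checked from a capture taken on both legs of the proxy. The following is an added example, not part of the original article or any Silverline tooling; the log line format, message names and sample timelines are constructed for illustration.

```python
import re

# Constructed line format (an assumption, not a real tool's output):
#   <seconds> <leg: client|backend> <message>
LINE = re.compile(r"^(\d+\.\d+)\s+(client|backend)\s+(\S+)$")

def first_seen(capture):
    """Map (leg, message) to the first timestamp at which it appears."""
    seen = {}
    for raw in capture.strip().splitlines():
        m = LINE.match(raw.strip())
        if m:  # lines outside the constructed format are skipped
            seen.setdefault((m.group(2), m.group(3)), float(m.group(1)))
    return seen

def classify(capture):
    """Return 'transparent', 'terminating' or 'indeterminate'."""
    t = first_seen(capture)
    c_ch, c_sh = t.get(("client", "ClientHello")), t.get(("client", "ServerHello"))
    b_ch, b_sh = t.get(("backend", "ClientHello")), t.get(("backend", "ServerHello"))
    if None in (c_ch, c_sh, b_ch, b_sh):
        return "indeterminate"  # one leg is missing from the capture
    # Transparent SSL: steps 3 -> 4 -> 5 -> 6 of the connection flow.
    if c_ch <= b_ch < b_sh < c_sh:
        return "transparent"
    # Regular termination: client handshake finishes before the backend one starts.
    c_fin = t.get(("client", "Finished"))
    if c_fin is not None and c_sh < c_fin < b_ch:
        return "terminating"
    return "indeterminate"

# Constructed sample timelines, one per proxy mode.
TRANSPARENT = """
0.000 client TCPEstablished
0.002 backend TCPEstablished
0.003 client ClientHello
0.004 backend ClientHello
0.030 backend ServerHello
0.045 backend Finished
0.046 client ServerHello
0.070 client Finished
"""
TERMINATING = """
0.000 client TCPEstablished
0.001 client ClientHello
0.002 client ServerHello
0.020 client Finished
0.021 backend TCPEstablished
0.022 backend ClientHello
0.050 backend ServerHello
0.065 backend Finished
"""

if __name__ == "__main__":
    print(classify(TRANSPARENT), classify(TERMINATING))
```

A capture that covers only the client leg returns `indeterminate`, since the distinction depends on comparing Server Hello timing across both legs.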

 
