Removing this work from the backend servers allows them to focus on what they are most efficient at, delivering content. Better utilization of the backend servers – SSL/TLS processing is very CPU intensive, and is becoming more intensive as key sizes increase.
The use of TLS tickets can help mitigate this issue, but they aren't supported by all clients and can be difficult to configure and manage. If it’s done on the backend servers, then each time the client’s requests go to a different server the client must reauthenticate. If this is done at the application gateway, all requests from the same client can use the cached values. To improve performance, the server doing the decryption caches TLS session IDs and manages TLS session tickets. Improved performance – The biggest performance hit when doing TLS decryption is the initial handshake.There are a number of advantages of doing TLS termination at the application gateway: TLS terminationĪpplication Gateway supports TLS termination at the gateway, after which traffic typically flows unencrypted to the backend servers. Application gateway supports both TLS termination at the gateway as well as end to end TLS encryption. This link ensures that all data passed between the web server and browsers remain private and encrypted. Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL), is the standard security technology for establishing an encrypted link between a web server and a browser.
0 kommentar(er)
