HP Traffic Director sa7220 User Manual
Page 31

Chapter 2
SSL Fundamentals (SA8200/SA8220 only)
are performed either at the server level, with web servers generally
providing SSL functionality by way of standalone software
components, or by embedded encryption software.
The HP methodology places encryption processing on the network
side, thus eliminating the need for processing on the servers (see the
figure on the next page). The servers never see any of the SSL
connection dialogue or the encrypted data. This removes a substantial
processing load from the servers, allowing improved response times
and greater availability of system resources.
Basic SSL Operations (SA8220)
1. Client connects to SA8220 with ClientHello (includes ciphers supported)
2. SA8220 responds with SSL ServerHello (includes selected cipher & session ID)
3. SA8220 sends certificate for server
4. Client sends ClientKeyExchange message; includes PK (session key)
5. SA8220 and client send ChangeCipherSpec message to indicate readiness
6. SA8220 and client send "finished" messages; includes hash of whole conversation
7. Encrypted data sent to SA8220, decrypted and forwarded to least busy server
8. Clear response sent to SA8220, encrypted and sent to client.
1. Client connects to server
2. Server responds with certificate
3. Client encrypts random key
4. Server generates working key
5. Session established
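The eight SA8220 steps above, walked through as an added example (not HP's code and not the device's implementation). Everything here is constructed: the cipher names, the back-end pool and its load figures, and the toy RSA key behind the "certificate" (textbook RSA on two hard-coded Mersenne primes, no padding) and the SHA-256 keystream record cipher are stand-ins chosen so the script runs with only the Python standard library. The point it makes beyond the list is step 6: because each side's "finished" value is keyed over its own view of the whole conversation, an on-path change to the ClientHello cipher list (the `tamper` flag) produces a mismatch and the device refuses to go on to step 7.

```python
"""Toy walk-through of the eight SA8220 handshake steps listed on this page.
Added example, not HP code. RSA is textbook (two hard-coded Mersenne primes,
no padding) and the record cipher is a SHA-256 keystream: enough to show the
message flow and the Finished check, far too weak for real use."""
import hashlib
import hmac
import os

# Hypothetical cipher names in the offload device's order of preference.
OFFLOAD_CIPHERS = ["AES256-SHA", "AES128-SHA", "DES-CBC3-SHA"]
# Constructed back-end pool with current connection counts (step 7: least busy).
SERVER_LOAD = {"web1": 42, "web2": 17, "web3": 63}

# Toy RSA key behind the "server certificate"; 2**31-1 and 2**61-1 are prime.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def prf(secret: bytes, label: bytes, seed: bytes) -> bytes:
    """HMAC-SHA256 stands in for the SSL pseudo-random function."""
    return hmac.new(secret, label + seed, hashlib.sha256).digest()


def transcript_hash(messages) -> bytes:
    """Hash of every handshake message a party sent or received (step 6)."""
    return hashlib.sha256(b"\n".join(messages)).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric toy record cipher: XOR with SHA-256(key || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def run_session(client_ciphers, request=b"GET /index.html", tamper=False):
    """Run steps 1-8; `tamper` models an on-path change to the ClientHello."""
    client_log, offload_log = [], []          # each side's own transcript view
    c_rand, s_rand = os.urandom(32), os.urandom(32)

    # 1. ClientHello carrying the ciphers the client supports
    client_hello = b"ClientHello:" + ",".join(client_ciphers).encode() + c_rand
    client_log.append(client_hello)
    seen_hello = client_hello
    if tamper:  # on the wire, all but the client's last (weakest) cipher are stripped
        seen_hello = b"ClientHello:" + client_ciphers[-1].encode() + c_rand
    offload_log.append(seen_hello)
    offered = seen_hello[len(b"ClientHello:"):-32].decode().split(",")

    # 2. ServerHello: first preferred cipher the client offered, plus a session ID
    cipher = next((c for c in OFFLOAD_CIPHERS if c in offered), None)
    if cipher is None:
        raise ValueError("no cipher in common; handshake aborted")
    server_hello = b"ServerHello:" + cipher.encode() + os.urandom(16) + s_rand
    offload_log.append(server_hello)
    client_log.append(server_hello)

    # 3. Certificate carrying the toy RSA public key (N, E)
    cert = b"Certificate:" + N.to_bytes(12, "big") + E.to_bytes(3, "big")
    offload_log.append(cert)
    client_log.append(cert)

    # 4. ClientKeyExchange: random pre-master secret encrypted to the certificate key
    premaster = os.urandom(8)
    sealed = pow(int.from_bytes(premaster, "big"), E, N).to_bytes(12, "big")
    cke = b"ClientKeyExchange:" + sealed
    client_log.append(cke)
    offload_log.append(cke)
    recovered = pow(int.from_bytes(cke[18:], "big"), D, N).to_bytes(8, "big")
    assert recovered == premaster                 # the SA8220 holds the private key
    master = prf(premaster, b"master secret", c_rand + s_rand)  # both sides derive this

    # 5. ChangeCipherSpec from both sides (carries no handshake data to hash)
    # 6. Finished: keyed hash over each side's view of the whole conversation
    client_finished = prf(master, b"client finished", transcript_hash(client_log))
    expected = prf(master, b"client finished", transcript_hash(offload_log))
    if not hmac.compare_digest(client_finished, expected):
        return {"cipher": cipher, "finished_ok": False}

    # 7. Encrypted request decrypted on the SA8220 and forwarded in the clear
    key = prf(master, b"key expansion", c_rand + s_rand)
    wire_request = keystream_xor(key, request)       # client encrypts
    plain_request = keystream_xor(key, wire_request)  # SA8220 decrypts
    backend = min(SERVER_LOAD, key=SERVER_LOAD.get)   # least busy server
    # 8. Clear response from the back end, encrypted on the SA8220 for the client
    response = b"200 OK from " + backend.encode()
    client_got = keystream_xor(key, keystream_xor(key, response))
    return {"cipher": cipher, "finished_ok": True, "backend": backend,
            "backend_saw": plain_request, "client_got": client_got}
```

A normal run selects the device's top preference among the offered ciphers and delivers the request to the least-loaded pool member in the clear; the tampered run still completes steps 1-5 but stops at step 6, which is the check that makes the cipher negotiation in step 2 trustworthy.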
[Figure: SSL offload topology; labels: Encrypted Traffic, Client, Server]