Example embodiments relate to the field of data networks, and to methods and systems for secure communications over data networks.
For establishing secure communication across untrusted networks, one approach is to use a protocol that deploys either or both of public-key cryptographic techniques and symmetric-key cryptographic techniques. Public-key cryptography may provide certain security advantages over symmetric-key cryptography, but is typically more computationally expensive than symmetric-key cryptography. For this reason, the two types of cryptography may be combined by using public-key techniques to negotiate a symmetric cipher between two entities. The symmetric-key cipher may then be used, for example, for bulk data transfers between the entities. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are examples of secured communication protocols that deploy such a combination of public-key and symmetric-key cryptography.
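As an added illustration that is not part of the original text, the following Go sketch shows the negotiate-then-bulk-encrypt pattern described above: X25519 key agreement is the public-key step, and AES-GCM is the symmetric cipher used for bulk records. The labelled SHA-256 key derivation, the "bulk-key-demo v1" label and the nonce-prefixed record format are assumptions of this example, not TLS's actual key schedule or record layer.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// NewKeyPair creates an ephemeral X25519 key pair for one endpoint (client, server,
// or a terminating device that answers the client in the server's place).
func NewKeyPair() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// Negotiate is the public-key step: our private key and the peer's public share
// (received in the clear, so validated first) give a shared secret, hashed into a
// 256-bit AES-GCM key. The labelled SHA-256 is a stand-in for TLS's HKDF schedule.
func Negotiate(priv *ecdh.PrivateKey, peerPub []byte) (cipher.AEAD, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append([]byte("bulk-key-demo v1"), shared...))
	block, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 32 bytes
	return cipher.NewGCM(block)
}

// Seal is the cheap symmetric step used for bulk data: AES-GCM over one record,
// with a fresh random nonce prefixed so the peer can decrypt it.
func Seal(aead cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open authenticates and decrypts a record from Seal; any tampering is rejected.
func Open(aead cipher.AEAD, record []byte) ([]byte, error) {
	ns := aead.NonceSize()
	if len(record) < ns {
		return nil, errors.New("record too short")
	}
	return aead.Open(nil, record[:ns], record[ns:], nil)
}
```

Both endpoints run Negotiate with the other side's public share and arrive at the same AEAD; a third party that saw only the two public shares cannot.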
Different devices and techniques may be used to terminate secured connections for different reasons. For example, secured communication protocols introduce computational overhead and cost to each secured connection. For server computers providing many simultaneous secured connections to client computers, the additional computational overhead imposed by secured communication protocols may become significant. To decrease the computational overhead of such secured connections, devices may be employed in-path to terminate a secured connection downstream of the server computer, and thus alleviate some of the computational overhead on the server. In general, a secured connection termination device may appear to a client system as a server providing a secured connection. Such secured connection termination devices may also manage cryptographic and security related aspects of a connection.
It may also be useful to terminate a secured connection in order to perform any number of operations relating to network traffic. Network traffic on a secured connection is, by definition, unintelligible due to encryption. In order to perform operations relating to that network traffic, the network traffic may need to be taken out of the secured connection (e.g., decrypted). Examples of operations that may be performed on network traffic include optimization or acceleration operations, or network security operations (e.g., intrusion detection or analysis, sniffing, etc.).