Secure sockets layer (SSL) is a cryptographic protocol used to securely send data over a network. For example, an application configured to use SSL encryption establishes a secure connection with a server, encrypts data using a shared secret negotiated during the establishment of the secure connection, and sends the encrypted data to the destination server. A security policy requiring applications to send and receive data using SSL, however, creates complications for applications not configured to use SSL and for legacy applications not configured to use the correct version of SSL. If an administrator modifies or establishes a security policy requiring use of SSL, a user, developer, or administrator would need to modify, update, or replace each of these applications to comply.
One approach to avoiding the need to modify, update, or replace applications is to add an SSL offloading device that acts as a proxy between the application and the server to perform SSL offloading. In this approach, the SSL offloading device initiates the SSL connection, encrypts and sends data to the server on behalf of the application, and receives and decrypts data from the server on behalf of the application. The deployment and configuration of such a device, however, is a complex task. This approach also incurs performance overhead as it splits the data transmission process into two connections: a first connection between the application and the SSL offloading device, and a second connection between the SSL offloading device and the server. When the SSL offloading device handles the SSL functionality for many applications, this second connection for each application can result in overhead and bottleneck issues for the SSL offloading device.
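The two-connection split described above can be seen in a small TLS-originating forwarder. This is an added sketch, not code from the original document; the function names, the loopback-only listener, and the TLS 1.2 floor are assumptions chosen for illustration.

```python
import socket
import ssl
import threading

def make_upstream_context(cafile=None):
    """TLS policy the proxy enforces for applications that cannot speak TLS."""
    ctx = ssl.create_default_context(cafile=cafile)  # cert + hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # assumed policy floor
    return ctx

def pump(src, dst):
    """Copy bytes one way until EOF or error, then half-close the far side."""
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle(client, host, port, ctx):
    """Bridge one plaintext client (connection 1) to the TLS server (connection 2)."""
    try:
        raw = socket.create_connection((host, port), timeout=10)
        tls = ctx.wrap_socket(raw, server_hostname=host)  # handshake happens here
    except OSError:          # includes ssl.SSLError: fail closed, never fall back
        client.close()
        return
    tls.settimeout(None)
    back = threading.Thread(target=pump, args=(tls, client), daemon=True)
    back.start()
    pump(client, tls)
    back.join()
    client.close()
    tls.close()

def serve(listen_port, host, port):
    """Accept plaintext on loopback only; every session costs a second socket."""
    ctx = make_upstream_context()
    with socket.create_server(("127.0.0.1", listen_port)) as srv:
        while True:
            client, _ = srv.accept()
            threading.Thread(target=handle, args=(client, host, port, ctx),
                             daemon=True).start()
```

Each application session holds two sockets and two relay threads on the proxy, which is where the per-application overhead noted above accumulates; the first hop stays unencrypted, so the listener is bound to loopback.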