The approaches described in this section could be pursued but are not necessarily approaches that have previously been conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
An SSL is a cryptographic protocol designed for providing communication security over the Internet. Firewalls, Intrusion Prevention System (IPS), and Intrusion Detection System (IDS) security appliances can normally only inspect plain text traffic or clear text traffic and have difficulties in inspecting the SSL traffic because data packets of the SSL traffic are encrypted. Additionally, conventional Packet Capture forensic tools may be inefficient for inspecting the SSL traffic for malware, hidden threats, or for botnets. Therefore, in order to address security threats, clients may install interception proxy authority certificates in their local root stores. However, this approach is mostly used in a corporate environment.
The cryptography operations involved in SSL interceptions may be computationally intensive. Therefore, SSL interception technology can be implemented using a multiple devices solution. The multiple devices may include security appliances associated with the Firewall, the IPS, or the IDS. The multiple devices solution can distribute the loads between multiple devices and achieve higher overall performance. In case multiple devices are involved, the multiple devices may have to communicate with each other to perform certain tasks, such as to retrieve a security certificate. Conventionally, prior to establishing a secure communication connection, a separate control message connection may need to be established to fulfill the communication needs. The secure communication connection may be established immediately after the separate control message connection is established. However, such establishment of two connections may be classified to be a Distributed Denial of Service (DDoS) attack and, therefore, both the secure communication connection and the separate control message connection may be terminated by a DDoS mitigation device.