Proxy devices equipped to provide Transport Layer Security (TLS) operate by intercepting network traffic flows between clients and servers. Specifically, a TLS proxy serves as a “man-in-the-middle,” establishing a first secure connection between the client and the proxy, and a second secure connection between the proxy and the server. With these two secure connections in place, the TLS proxy receives encrypted communications from the client over the first secure connection, and decrypts the communication for examination at the proxy. If it is determined that the traffic should be forwarded to the server, the proxy re-encrypts the traffic according to the second secure connection, and sends the traffic to the server over the second secure connection. The inverse process is also performed where encrypted traffic is received from the server over the second secure connection, decrypted at the proxy, and re-encrypted and sent to the client over the first secure connection.
Due to certain rules, such as privacy laws, decryption of some traffic, such as online banking transactions, might not be permitted. In these situations the proxy must either enter the transaction only after it has been determined from a direct client-server connection that TLS inspection is allowed, or a TLS connection is initially established and is subsequently broken if it is determined that TLS inspection is not allowed. In either instance, old connections at both the client and server are broken and new connections are established, a process that is costly at the client, server, and proxy. Moreover, breaking established connections may cause operational problems for some clients and servers that operate without awareness of the intervening proxy device.