Secure Sockets Layer (SSL) is a protocol used to encrypt communication between a client computer and a server computer. In this regard, reference is now made to FIG. 1A, which is a prior art diagram of a client-server system using one SSL connection. The SSL protocol enables a client computer 100 to authenticate a remote server computer 200, by means of signed certificates. The SSL protocol utilizes a handshake procedure to exchange and validate a certificate, prior to establishing an encrypted connection. Generally, the handshake procedure degrades performance and causes latency.
Often a security gateway computer is used to inspect data being communicated between server computer 200 and client computer 100. In this regard, reference is now made to FIG. 18, which is a prior art diagram of a client-server system with a security gateway computer 300, using two SSL connections. Security gateway computer 200 may detect malicious content and confidential data. As seen in FIG. 18, the SSL protocol between client computer 100 and server computer 200 is split. Each side of security gateway computer 300 establishes a separate SSL connection. There is an SSL connection between client computer 100 and security gateway computer 300, for which security gateway computer 300 acts as a server; and there is an SSL connection between security gateway 300 and server computer 200, for which security gateway computer 300 acts as a client. The additional SSL handshake required by the additional SSL connection additionally degrades performance and causes additional latency.
Often security gateway computers operate in conjunction with third party gateway computers, such as content caching gateway computers. In this regard, reference is now made to FIG. 1C, which is a prior art diagram of a client-server system with a security gateway computer 300 and a third party gateway computer 400, using three SSL connections. Third party gateway computer 400 does not inspect the data content transmitted via the SSL connection and, as such, does not need to encrypt the data content. Nevertheless, since third party gateway computer 400 is networked within an SSL connection, it must re-establish the SSL connection on both of its sides. Although the topology of FIG. 1C is technically sound, it has a significant penalty in performance and latency due to the need to perform three SSL handshakes. Moreover, the penalty is magnified if third party gateway computer 400 is replaced with a plurality of third party gateway computers.
It would thus be of advantage to provide a more efficient way to network a security gateway computer with one or more third party gateway computers, when the one or more third party gateway computers do not need to inspect data content.