It is not uncommon for network administrators to prohibit direct connectivity between an internal network and external networks such as the Internet. Instead, connections are routed through a proxy server that acts as a gateway between the two networks: hosts on the internal network connect to the proxy server, and the proxy server communicates with the external network on their behalf. Application firewalls are commonly implemented on such proxy servers. When functioning as a firewall, the proxy server is typically aware of the application protocol being used (for example email, instant messaging, or web-page requests) and inspects the communications passing between the networks. Because all traffic passes through this single choke point, the network administrator can exert control over network activity, for example by disallowing certain protocols, restricting web browsing to comply with regulations, or logging traffic for later forensic analysis. This scheme breaks down, however, when the traffic uses a protocol that requires end-to-end encryption, that is, a protocol in which data encrypted by the source remains encrypted until it is received by the destination. The widely used Secure Sockets Layer (SSL) protocol and its successor, the Transport Layer Security (TLS) protocol (referred to collectively as SSL/TLS), are examples of protocols that provide secure communications by end-to-end encryption. With such a protocol the proxy server sees only ciphertext, and the firewall cannot inspect it.
One workaround has the proxy server maintain two separate SSL/TLS connections. Toward the internal network, the proxy impersonates the remote site on the external network, presenting a certificate for that site that the proxy itself has issued; toward the external network, it impersonates the internal host. This mediation approach requires that the internal hosts trust the proxy server, in particular that they accept the proxy's signing certificate as a trusted authority, and it destroys the end-to-end integrity and confidentiality that SSL/TLS would otherwise provide: the proxy decrypts all traffic, and neither endpoint can be certain that the data it received originated unmodified from the proper source, because the proxy can read or alter the data in transit. The approach is also computationally burdensome, since the proxy must perform two SSL/TLS handshakes per session and decrypt and re-encrypt every byte exchanged. Further, it is incompatible with the mutual authentication features of SSL/TLS, in which the client authenticates itself to the server with its own certificate: the proxy does not possess the client's private key and therefore cannot authenticate to the server as that client.
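The two-connection arrangement described above, as an added illustration that is not part of the original text: the Go program below (standard library only, assumed to run where a loopback interface is available) builds a genuine origin server under its own root, an intercepting proxy that forges a certificate for the same host name under a separate inspection CA, and a client that, like a managed workstation, trusts that inspection CA in addition to the real root. The host name, the CA names and the proxy's deliberate alteration of the client's message are assumptions made for this example. The client's handshake succeeds and its data is altered in transit without either endpoint noticing, which is the loss of end-to-end integrity described above; the one check the client can still make on its own is to compare the SPKI hash of the certificate it was shown against a pinned hash of the origin's real key.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

const host = "intranet.example" // assumed internal host; the genuine and the forged certificate are both issued for it
func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newCert issues a certificate for cn signed by parent, or self-signed when parent is nil.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber: serial.Add(serial, big.NewInt(1)), Subject: pkix.Name{CommonName: cn},
		DNSNames:  []string{cn}, // the SAN matters only on the leaf, where it must match the name the client connects to
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IsCA: isCA, BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// pool builds a trust store from the given roots.
func pool(roots ...*x509.Certificate) *x509.CertPool {
	p := x509.NewCertPool()
	for _, r := range roots {
		p.AddCert(r)
	}
	return p
}

// serve accepts one TLS connection on loopback, presenting cert, and hands it to handler.
func serve(cert *x509.Certificate, key ed25519.PrivateKey, handler func(net.Conn)) string {
	cfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{cert.Raw}, PrivateKey: key}}}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	must(err)
	go func() { c, err := ln.Accept(); must(err); handler(c) }()
	return ln.Addr().String()
}

// originHandler is the genuine server: it echoes the line it received.
func originHandler(c net.Conn) {
	defer c.Close()
	line, _ := bufio.NewReader(c).ReadString('\n')
	fmt.Fprintf(c, "origin got: %s", line)
}

// interceptHandler is the proxy: one TLS session with the client, a second with the origin,
// and plaintext in between that the proxy can read and (here, deliberately) alter.
func interceptHandler(originAddr string, upstream *tls.Config) func(net.Conn) {
	return func(c net.Conn) {
		defer c.Close()
		up, err := tls.Dial("tcp", originAddr, upstream)
		must(err)
		defer up.Close()
		line, _ := bufio.NewReader(c).ReadString('\n')
		fmt.Fprint(up, "not "+line) // neither endpoint can detect this change
		reply, _ := bufio.NewReader(up).ReadString('\n')
		fmt.Fprint(c, reply)
	}
}

// spkiPin is the SHA-256 of a certificate's SubjectPublicKeyInfo, the value a pinning client stores.
func spkiPin(c *x509.Certificate) [32]byte { return sha256.Sum256(c.RawSubjectPublicKeyInfo) }

// RunDemo wires origin, intercepting proxy and client together and reports what the client saw.
func RunDemo() (reply, issuer string, pinMatches bool) {
	realCA, realCAKey := newCert("real-root-ca", true, nil, nil)
	origin, originKey := newCert(host, false, realCA, realCAKey)
	mitmCA, mitmCAKey := newCert("corporate-inspection-ca", true, nil, nil)
	forged, forgedKey := newCert(host, false, mitmCA, mitmCAKey)
	originAddr := serve(origin, originKey, originHandler)
	proxyAddr := serve(forged, forgedKey, interceptHandler(originAddr, &tls.Config{RootCAs: pool(realCA), ServerName: host}))
	// A managed client trusts the inspection CA as well as the public root, so the forged chain verifies.
	conn, err := tls.Dial("tcp", proxyAddr, &tls.Config{RootCAs: pool(realCA, mitmCA), ServerName: host})
	must(err)
	defer conn.Close()
	fmt.Fprint(conn, "hello\n")
	reply, err = bufio.NewReader(conn).ReadString('\n')
	must(err)
	shown := conn.ConnectionState().PeerCertificates[0] // the forged certificate, not the origin's
	return reply, shown.Issuer.CommonName, spkiPin(shown) == spkiPin(origin)
}
```

Calling RunDemo returns the reply "origin got: not hello", an issuer of "corporate-inspection-ca", and a pin mismatch: the chain verified, yet the key the client talked to is not the origin's. Setting ClientAuth: tls.RequireAndVerifyClientCert on the origin's tls.Config would make the origin reject the proxy's upstream connection, since the proxy holds no client private key with which to authenticate as the internal host; that is the incompatibility with mutual authentication noted above.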