HANDSHAKE OFFLOAD

摘要

Cryptographically protected communications sessions are established using a distributed process. A server proxies handshake messages to another computer system that negotiates a cryptographically protected communications session with the client. When the client and other computer system complete negotiation of the session, the other computer system provides a set of session keys to the server. The server then uses the session keys to communicate with the client over the cryptographically protected communications session.

主权项

1. A computer-implemented method, comprising:
under the control of a server computer system configured with executable instructions,
establishing a network connection with a client computer system;for a first set of messages of a handshake protocol of a cryptographically protected communications protocol, proxying, over a first cryptographically protected communications session with a handshake server that uses a first symmetric cryptographic key, the first set of messages between the client computer system and the handshake server computer system thereby facilitating negotiation of a second symmetric cryptographic key for a second cryptographically protected communications session using an asymmetric key pair comprising a private cryptographic key accessible to the handshake server;obtaining the second symmetric cryptographic key from the handshake server computer system; andfor a second set of messages outside of the handshake protocol of the cryptographically protected communications protocol, using at least the second symmetric cryptographic key to cryptographically process the second set of messages.