Title of invention: Strong SSL proxy authentication with forced SSL renegotiation against a target server
Abstract: An encrypted session is established between a client device and a target server device when the client device initiates network connections through a proxy device. The client device initiates an encrypted session with the proxy device. Once the encrypted session is established, the client device communicates the address of the target server device to the proxy device. Then, the proxy device sends an encrypted session renegotiation message to the client device. The client device responds to the encrypted session renegotiation message by transmitting an encrypted session handshake message to the proxy device. The proxy device forwards the encrypted session handshake message to the target server device, and continues to forward handshake messages between the client device and the target server device, enabling the client device and the target server device to establish an encrypted session.
Publication number: US9100370(B2)
Publication date: 2015.08.04
Application number: US201113052005
Filing date: 2011.03.18
Applicant: F5 Networks, Inc.
Inventor: Bollay Benn Sapin
Classification: H04L29/06;G06F21/60
Main classification: H04L29/06
Agency: Lowe Graham Jones PLLC
Agent: Branch John W.;Lowe Graham Jones PLLC
Principal claim: 1. A proxy device interposed between a client device and a plurality of target server devices, comprising: a transceiver to send and receive data over a network; and a processor that is operative to perform actions comprising: establishing a first encrypted session with the client device; receiving a network identifier of a first target server device; establishing an unencrypted network connection with the first target server device, wherein the proxy device enables communication in the first encrypted session between the client device and the first target server device: sending an encrypted session renegotiation message to the client device in response to determining header information extracted from session communication between the client device and the first target server device includes criteria for a change from the first target server device, decrypting and redirecting a handshake message received from the client device to a second target server device, wherein the handshake message was sent by the client device in response to the encrypted session renegotiation message; replacing the first target server device in the first encrypted session for communication with the client device with a second target server device.
Address: Seattle WA US