Systems and methods for split proxying of SSL via WAN appliances

摘要

The present invention is directed towards systems and methods for split proxying Secure Socket Layer (SSL) communications via intermediaries deployed between a client and a server. The method includes establishing, by a server-side intermediary, a SSL session with a server. A client-side intermediary may establish a second SSL session with a client using SSL configuration information received from the server-side intermediary. Both intermediaries may communicate via a third SSL session. The server-side intermediary may decrypt data received from the server using the first SSL session's session key. The server-side intermediary may transmit to the client-side intermediary, via the third SSL session, data encrypted using the third SSL session's session key. The client-side intermediary may decrypt the encrypted data using the third SSL session's session key. The client-side intermediary may transmit to the client the data encrypted using the second SSL session's session key.

主权项

1. A method for Secure Socket Layer (SSL) communications across devices intermediary to a client and a server, the method comprising:
a) establishing between a first device and a second device, a first secure socket layer (SSL) session, the first device intermediary to a client and the second device and the second device intermediary to the first device and a server, the second device having a second SSL session with the server; b) receiving, by the first device from the second device, an indication to perform a type of SSL proxying of a plurality of SSL proxying types between the first device and the second device, the plurality of SSL proxying types comprising split proxying and spoof proxying; and c) establishing by the first device and the second device, the type of SSL proxying.